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(54) SYSTEM FOR DELIVERING PROGRAM TO STORAGE MODULE OF MOBILE TERMINAL 



(57) A UsM 1 2 having a plurality of storage areas is 
built into ormounteCin a mobile terminal 11. A contents 
server 19, upon receot of a distribution request from the 
mobiie terminal 11. distributes a program or data used 



at the time of program execution or the program :-sd* 
through a network including a radio network. This pro- 
gram and the data or the program itself are stored in the 
storage area of the UIM 12 and not through the con-rot 
unit of the mobile terminal 11 . 
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Description 

TECHNICAL HELD 

[0001] The present invention relates to a technique for 
distributing a program (application or applet) to a stor- 
age module built or mounted m a mobile terminal. 

BACKGROUND ART 

[0002] In recent years, a mobile term in al has been de- 
vested wrier has a program executing environment. 
An example of a mobile terminal of this type is one which 
has s Java virtual machine. The user installs a program 
in tne mobile terminal and thus can add a desired func- 
tion to the mobile- terminal. 

[0003) However, even if desirable functions are added 
to a mobile terminal, a user is liable to become tired of 
using the same mobile terminal after a protracted peri- 
od. On the other hand, the mobile terminal industry suf- 
fers fierce competition and various new products, attrac- 
tive to users, have been successively placed on the mar- 
ket. A user may want to change his mobile terminal with 
a new desirable product placed on the market. Once the 
mobile terminal is replaced, however, the functions lhat 
have hitherto been added to the old mobile terminal can- 
not be used any longer, if the same functions are to be 
used even after the change of a mobile terminal, the pro- 
grams that have been installed in the old mobile terminal 
have to be installed In the new mobile terminal. This is 
a troublesome job. 

DISCLOSURE OF THE INVENTION 

[0004] This invention has been achieved in view of the 
situation described above, and the objecl thereof is to 
provide a system in which even after a mobile terminal 
is changed, the programs that could be used before the 
change of the mobile terminal, can be continuously used 
after the change. 

[0005] In order to achieve this object the present in- 
ventors have taken notice of a certain type of a mobile 
terminal, that is to say, a mobile terminal capable of be- 
ing mounted or having fitted therein a module tor storing 
the subscriber information including the subscriber 
number and the memory dial information (hereinafter re- 
ferred to as the user ID module or UIM) The user 0 r this 
type of the mobile terminal, whenever desirous of 
changing it with a new mobile terminal, can use the new 
mobile terminal in similar manner simply by mounting or 
building into the new mobile terminal the UIM which he 
may have. In connection with this the present inventors 
have come up with the following idea Specifically, once 
a program is storecl in Shis UIM. the program used with 
the old mobile terrnlnai can be easily transferred to the 
new mobile terminal for an improved operating conven- 
ience of the user 

[0906] Nevertheless, the problem of security has 



been an obstacle to realizing such a novel mobile ter- 
minal. 

[0007] Firs!, as long as no limit is set on the operation 
of writing a program in the UIM. trie inherent functions 
5 of the mobile terminal may be undesirably destroyed in- 
tentionally or negligently. 

[0008] Also, the subscriber information stored in the 
UIM may include the persona! information cr data hav- 
ing monetary value. From the viewpoint of security, 
io therefore, careful consideration is necessary net to 
cause the leakage of this information in writing a pro- 
gram in the UIM. 

[0009] in order to solve this security problem and im- 
prove the operating convenience for the user, according 

'5 to thepresent invention, there is provided a program dis- 
tribution system: comprising a mobile terminal having 
means for transmitting a program distribution request, 
a storage module Duilt in or connected to the mobile ?or- 
minal, a contents server for receiving the distribution re- 

so quest and transmitting a program to be distributed and 
a distribution management server for receiving the pro- 
gram from the contents server and, as long as the con- 
tents server is authorized, transmitting the program re- 
ceived from Ihe contents server to the storage module 

2s built in or connected to the mobile terminal, character- 
ized in that the storage module includes a storage unit, 
and a control unit for storing in the storage unit the pro- 
gram received from the distribution management server 
through the mobile terminal and executing the program 

so stored in the storage unit in response to a request. 
[0010] Also, according to the present invention, there 
Is provided a program distribution system comprising a 
mobile terminal having means for transmitting a pro- 
gram distribution request, a storage module built in or 

35 connected to the mobile terminal, and a distribution 
management server for receiving the distribution re- 
quest; and in the case where the program to be distrib- 
uted is provided by the authorized contents server, ac- 
quiring and transmitting the program to the storage mod- 

40 ule built in or connected to the mobile terminal, charac- 
terized in that the storage module includes a storage 
unit, and a control unit for receiving the information 
through the mobile terminal, storing the information m 
the storage unit only in the case where the information 

is is the program received from the distribution manage- 
ment server and executing the program stored In the 
storage unit in response to a request. 
[0011] With these systems, only a program supplied 
through trie distribution management server from an au- 
thorized contents server is written in the storage module 
and therefore, the user can write a new program in the 
storage module with guaranteed security 

BRIEF DESCRIPTION OF THE DRAWINGS 

55 

[0012] 

Fig. 1 is a block diagram showing a configuration of 
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a program distnoutron system accorcfrc- to a firs: 
embodiment of tne invention. 
Fig. 2 shows ;hs external appearance of a mobile 
terminal according to the same embodiment. 
Fig. 3 is a block diagram showing a configuration of 5 
the same mob»e terminal. 
Fig. 4 is a diagram showing a configuration of the 
same mobile terminal and the UIM built in or con- 
nected to it. 

Fig. 5 is a sequence diagram showing the process *0 
from program distribution to activation according to 
the same embodiment. 

Fig 6 is a sequence diagram showing the program 
distribution operation according to the same em- 
bodiment. 15 
Fig 7 is a diagram showing a display screen of the 
mobile terrninai at the time of program distribution. 
Fig 8 is a sequence diagram showing the program 
activation operation according to the same embod- 
iment. 20 
Fig. 9 is a sequence diagram showing the process- 
es of the program deactivation in compliance with 
a request from tne contents server according to the 
same embodiment. 

Fig. 10 is a sequence diagram showing the process S5 
of the program delete operation in compliance wiih 
a request from the contents server according to the 
same embodiment. 

Fig. 11 is a sequence diagram showing the process 
of the program deactivate operation and the pro- so 
gram delete operation in compliance with, a request 
from the distribution management server according 
to the same embodiment. 
Fig. 12 is a sequence diagram of the U!M exchang- 
ing the version information according to the same 3S 
embodiment, 

Fig 1 3 is a sequence diagram showing the process 
ending in a program distribution failure due to a 
memory shortage. 

Fig 1 A is a sequence diagram showing the process -»o 
ending in a program distribution failure due to a 
memory error 

Fig 15 is a diagram showing a display screen pro- 
vided to the user at the time of program deletion. 
Fig. 1 6 is a diagram showing a display screen pro- « 
vided to the user at the time of account settlement 
for an electronic commercial transaction. 
Fig. 1 7 is a diagram showing a display screen pro- 
vided to the user at the time of commodity purchase 
in male crder sale 50 
Fig. 1 8 is a diagram showing a display screen for 
sotting the automatic program start. 
Figs. 19 and 20 are diagrams showing a display 
screen at the time of using a commutation pass. 
Fig. 21 is a btooK diagram showing a configuration 55 
cf a program distribution system according to a sec- 
ond embodiment of the invention. 
Fig. 22 is a diagram showing a configuration of a 



memory in the UIM according to the same embod- 

Fig. 23 is a biock diagram showing a configuration 
of a distribution management server 1 6A according 
to the same embodiment. 
Fig. 24 is a sequence diagram showing tne process 
for registration in a user information storage unit. 
Figs. 25 and 26 are sequence diagrams showing 
the operation of registering a program registered ;n 
the user information storage unit, in any of the basic 
blocks of the UIM 12. 

Figs. 27 and 23 are sequence diagrams showing 
the operation of registering a program registered in 
the user information storage unit , in any of the basic 
oiocks of the'JsM. 

Fig. 29 is a sequence diagram showing the opera- 
tion of deleting a program registered in the user in- 
formation storage unit 51. 

Fig. 30 is a sequence diagram showing the opera- 
tion cf deleting a program registered in the basic 
blocks of the UIM. 

Fig. 31 is a sequence diagram showing the deacti- 
vation process for the user information storage unit. 
Fig. 32 is a sequence diagram showing the deacti- 
vation process for the basic blocks. 

BEST MODE FOR CARRYING CUT THE INVENT; ON 

[0013] Now, preferred embodiments of the invention 
will be explained wiih reference to the drawings. 

[1] First embodiment 

[1.1] General configuration of program distribution 
system 

[0014] Fig. 1 is a block diagram showing a configura- 
tion of a program distribution system according to a first 
embodiment of the invention 

[0015] A program distribution system 10 roughly com- 
prises a mobile terminal 11 , a radio base station 13, a 
switching station 14, a network mobile communication 
service control unit 15, a distribution management serv- 
er 16, a distribution service control unit 1 7, an authenti- 
cation server 1 8. a contents server 1 9 and a public net- 
work 20. 

[00163 The mobile terminal 11 is an information 
processing unit, for exampie, having communication 
functions such as a portable telephone or a PHS (Per- 
sonal l-landyphcne System (registered trade name)) 
Further, the mobile terminal 11 has mounted or built 
therein a UIM (User Identification Module) 12 capable 
of storing various programs or data 
[0017] The radio base station 1 3 communicates with 
the mobile terminal 11 through a radio link. 
[0018] The switching station 1 4 controls tne switching 
operation between the mobile Seminal 11 and a com- 
mon channel interoffice signs! network 20 constituting a 
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Aire network, connected to each other through the radio 
base station 13. 

[00 1 9] The network moo* communication service 
control unit 15 controls the communication in the case 
where a program is distributed to the mobile terminal 11 
through the public network 20. 
[0020] The contents server 1 S distributes various con- 
tents on the one hand and distributes a program as re- 
quested from the mobile terminal 11 on the other. 
[0021] The distribution management server 16 relays 
and manages thedisiibu: or of a program i-om tnecer:- 
tsnts server 1 9 to the UIM 12. The distribution of a pro- 
gram to the UIM 12 and access to a program stored in 
She us'M 12 are carried out always through the distribu- 
tion management server "6. This is the most signit-can: 
feature of thrs embodiment 

[0022] The distribution service control unit 17 oper- 
ates like an interface between the distribution manage- 
ment server 16 and the public network 20 in the case 
where a program is- distributed through the public net- 
work 20. 

[0023] The authentication server 1 8 is a device for is- 
suing a certificate required for program distribution to 
the contents server 19. This certificate includes a UIM 
public key having the function of expiating, for the ben- 
efit of the UIM 12, that the contents server 19 is duly 
authorized to distribute a program to the UIM 12. and a 
distribution management server public key having the 
function of certifying, for the benefit cf the distribution 
management server 16, that the contents server 19 is 
similarly authorized. 

[0024] The contents server 19, the distribution man- 
agement server 1 6 and the authentication server 1 8 ac- 
cording to this embodiment have the foiiowmg functions, 
respectively. 

(a) According to this embodiment, the contents 
server 19 sends a program addressed to the USM 
12, to the- distribution management server 1 6, which 
m turn distributes the program to the UIM 12. The 
contents server 1 9 never distributes the program di- 
rectly to the U IM 12. 

(b) The contents server 19 distributes a program to 
the UIM 12 bye v , ^ - > .( ofapublic- 
key type with the distribution management server 
16 as an intermediary The U'M 12 of each user is 
equipped with « PKI (public key infrastructure), and 
each UIM 12 tv;s. & U;M private key unique to the 
particu ; ar UIM "2. For distributing a program ad- 
dressed tc a given UIM 12, the contents server 19 
acquires a UiM public key paired with a UIM private 
key for the particular UiM 12. whereby the program 
is encrypted. 

(c) According to this invention, only an authorized 
contents server 19 can distribute a program ad- 
dressed to the UIM 12 The authorized contents 
server 19 is assigned a distribution management 
server public key The contents server 1 9, upon re- 



ceipt of a distribution request from the mobile Tor- 
mina] 11, further encrypts, by the distribution man- 
agement server public key. the program already en- 
crypted by the UIM pubic key and addressed to the 
5 UIM 12, and sends it to the distribution manage- 
ment server 16 

[1 .2] Configuration of mobile terminal 

»o [0025] Fig. 2 shows the external appearance of the 
mobile terminal 11 . The mobile terminal 11 includes a 
display section 21 and an operating section 22 
[0026] As shown in Fig 2, various processing menu 
items, the screen being browsed, the telephone number 
sceen. etc. a r e diso aye; cr the crsp-ay section 21 
[0027] 1 he operating section 22 has a plurality of op- 
erating buttons for inputting various data and displaying 
menu item screens. One of the operating buttons of the 
operating unit 22 is a UiM button 23. The UIM button 23 

so i& operated by the user for utilizing a program stored in 
the UIM 12 

[0028] Fig. 3 is a biock diagram showing a configura- 
tion of a mobile terminal. 

[0029] The mobile lerminalU includes a display sec- 

29 tlon 21 , an operating section 22, a control unit 31 , a stor- 
age unit 32, an externa! equipment interface (l/F) unit 
33, a communication unit 34, a UIM interface (l/F) unit 
35 and an voice input/output unit 36. 

[0030] The control unit 31 controls the various parts 

30 of the mobile terminai 11 based on the control data and 
the control program stored in the storage unit 32. 
[0031] The storage unit 32 is configured of a ROM. a 
RAM, etc.. and has a plurality of storage areas including 
a program storage area for storing various programs 

35 such as a browser for accessing an internet and a data 
storage area for storing various data. 
[0032] The externa! equipment l/F unit 33 is an inter- 
face utilized by the control unit 31 and the UiM 12 for 
exchanging information with an external device. 

40 [0033] The communication unit 34 transmits various 
data including audio and text messages to the radio 
base station 1 3 through the antenna 34A under the con- 
trol of the control unit 31 on the one hand, and recedes 
various data sent to the mobile terminal 1 1 through the 

*s antenna 34A on the other hand. 

[0034] The UIM l/F unit 35 inputs/outputs data f-om 
and to the control unit 31 . The UiM l/F unit 35 also out- 
puts the output data from the communication unit 34 or 
the external equipment l/F unit 33 to the UIM 12 without 

so the intermediation of the control unit 31 Also, the output 
data of the UIM 12 is output directly to the external 
equipment l/F unit 33 or the communication unit 34 di- 
rectly without the intermediation of the control unst 31 . 
The reason why the data are input/output from and to 

55 the external equipment l/F 33 orthecommunieatior. unit 
34 without the intermediation of trie control unit 31 is in 
orderto prevent an illegal access to the data on the UIM 
1 2 by the alteration of the control program of the control 
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unit 31 and thus to maintain security. 
(1 3j Configuration of UlM 

[C035J Fig. 4 shows a configuration of the UlM 12. in 
p.q 4 a part o! the component elements of the mobile 
terminal 11 are shown together with the component el- 
ements of the UlM 12 to clarify the relation with the mo- 
biis terminal 11. As shown in Fig. 4. the UlM 12 includes 
a memory 12M, which in turn, roughly, has a system ar- 
ea 12A anc an application area 12B. 
[0036] The system area 12A has stored therein per- 
sonal information data unique to each user such as sub- 
scriber number data outgoing call history information 
data, incoming cast history information data, speech time 
information data and a UlM private Key The mobile ter- 
minal 11 communicates with ether communication units 
□sing the subscriber number data in the system area 
12A as a catling line identity. 

[0037] The application area 1 2B is for storing the pro- 
gram distributed and the data used at the time of exe- 
cution of the program, and divided into a plurality of ba- 
sic clocks. In the case shown in Fig. 4, the application 
area 12B is divided into six basic blocks 40-1 to 40-6. 
[0038] The basic blocks 4G-1 to 40-6 each include a 
program area 41 and a data area 42. The program area 
41 of each Basic block 40-k has stored therein a program 
(an application or an applet). The data area 42 of each 
basic block 40-k, on the other hand, has stored therein 
the data used at the time of executing the program in 



the program 



a 41 of the same basic block 4 



[0039] The basic blocks 40-1 to 40-6 are independent 
of each other, and are basically so managed that the 
application or the applet stored in the program area 41 
of a given basic block 40-] cannot access the data area 
42 of another basic block 40-k (* ]). By employing this 
configuration, the security ot each program is main- 
tained. Even in the case where data having a monetary 
value (what is called ,: a value") are recorded in the data 
area 42 of a given basic block 40-j. therefore, the par- 
ticular data Is never rewritten, intentionally or incidental- 
ly, by a program stored in another basic block 40-k (* j). 
[0040] The application orthe applet constituting a pro- 
aram stored in the program area 4i , on the other hand, 
cannot be distributed or deleted without t he intermediary 
of the distribution management server 1 6. The data area 
42. however, can be operated directly through the dis- 
tribution management server 16 or a local terminal as 
in the case whore the electronic money is downloaded 
from an ATM 

[0041] Further, the application area 12 has a storage 
area for an activation flag Indicating whether the pro- 
gram in the program area 41 of each of the basic blocks 
40-1 to 40-6 can be executed or not. 
[0042] The control unit 30 is a means for writing a pro- 
gram for the basic blcck of the application area 12B ; set- 
ling or resetting the activation flag corresponding to 
each basic block or executing a program in a designated 



basic block, in response to a request given through the 
mobile terminal 11 . Upon arrival of a program encryptsd 
by the UlM public key from the distribution management 
server 16. the control unit 30 decrypts the program using 
! the UlM private key in the system area 1 2 and writes; it 
in a basic block. Also, (he control unit 30 can execute 
the program in the basic block. In the process, the infor- 
mation required by the program in execution is acquit ed 
from the other party of tne communication in the network 
0 or from the user of the mobile terminal 1 1 through, the 
browser executed by the mobile terminal 1 1 The control 
unit 30 can also send the result of program execution to 
the other party of communication in the network or ser e 
it to the user o? the mobile terminal 1 1 through the brows - 
•s er. Also, the control unit 30 can exchange information 
with external devices through the hardware resources 
of the mobile terminal 11 without the intermediary cf the 
browser in accordance with the program in the basic 
block. An example of a program available for this pur- 
io pose is an application program for causing the mobile 
terminal 11 to function as a commutation pass. In exe- 
cuting this program, the control unit 30 can exchange 
the pass information with the card reader/writer at the 
gates of a railway station utilising a short-range radio 
35 unit (not shown) connected to the external equipment I/ 
F of the mobile terminal 30 The program forthe control 
unit 30 to perform the various processes described 
above, including the execution and control of the pro- 
gram in the application area is stored in the system area 
30 12A. 

[1 .4] Operation of first embodiment 

[0043] Now, the operation of the first embodiment will 
35 be explained taking the distribution of the commutation 
pass applet as an example 

[0044] Fig. 5 is a sequence diagram showing the proc- 
ess of program distribution, write operation and activa- 
tion. 

40 [0045] As shown in Fig. 5, these series of processes 
are roughly configured of the step of distributing an in- 
active program (applet) as a memory module to the U;M 
12 and writing it in the UlM 12 (step 51), and an activa- 
tion step for activating the program written (step S2). 

(1.4.1 1 Issue of certificate to distribution management 
server 

[0046] Fig. 6 is a sequence diagram showing the proc- 
so ess of distributing a program and writing it in !he UlM 
12. As shown in Fig. 6 the authentication server 13 is- 
sues a certificate to the contents server 19 permitted to 
distribute the program addressed to the UlM 12 istep 
S11). The certificate is issued to enable the cements 
55 server 1 9 and the distribution management server 1 6 to 
perform the encryption communication based or the 
public key encryption method. Specifically, in order to 
make possible the encryption communication using a 
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public key. a distributors management server private key 
and a distribution management ssrver public key, con- 
stituting a pair, are generated. The distribution manage- 
ment server private Key ;s stored :n the distribution man- 
agement server 16, wn- e t^e o st^cution management s 
server public key is -transmitted (mm tne authentication 
server 1 8 to the contents server 19 as a certificate iden- 
tifying a person permitted to distribute a program. The 
contents server 1 9, upon receipt of the distribution man- 
agement server public key, stores it in preparation for 10 
program distribution. 

1 1.4.2| Program distribution request 

[0047] The user can cause the control unit 31 to exe- - 5 
cute the browser and ihus can access the home page 
of the contents provider by operating [he operating sec- 
tion 22 of the mobile terminal 11 . As a result of this ac- 
cess, a distribution menu screen D1 indicating the pro- 
grant distribution performed by the contents server 19 20 
of the contents provider is displayed., as shown in Fig. 
7, on the display section 21 of the mobile tormina- 11. 
Under this condition, the user transmits a program (ap- 
plet) distribution request from the mobile terminal 11 
through the network to the contents server 19 by oper- 
afcng the operating section 22 of the mobile terminal 11 
(step S12). 

[1 4.3) Certificate issue request to Ulfvt 

30 

[0048] The contents server 1 9, upon receipt of a dis- 
tribution request from the mobile terminal 11, sends a 
certificate issue request to the authentication server 18 
(step S12). This certificate issue request contains the 
information for specifying the li'M 12 of the mobile ier- 35 
minal 11, Ths certificate issue is requested in order to 
enable the contents server 1 9 to conduct the encryption 
communication of public key type with the UIM 12. More 
specifically, in order to make possible the encryption 
communication cf puc-lic key type, the UIM private key 40 
and the UlM public key paired with the former are gen- 
erated in advance, and the UIM private key is stored in 
the UIM 12 in advance, while the UIM public key is 
stored in the authenticate- serve' ^« inaavance. Insteo 
Si 2, the UiM public key stored in the authentication 45 
server 1 8 is requested as a certificate of a person per- 
mitted to distribute tx program addressed to the UIM 1 2. 

[1 4.4] issue of certificate and distribution of program 
with certificate to UiM so 

[0049] The authentication server 18, upon receipt of 
a certificate issue request from the contents server 19, 
issues to the contents server 19 a UIM public key as a 
certificate corresponding to the UiM 12 specified by the 55 
particular issue request, (step $14). 
[0050} The contents server 1 9 encrypts the program 
of which distribution is requested, by use of the UIM pub- 



lic key corresponding to the UIM 12. The program ob- 
tained by the encryption is considered a program with a 
certificate for a iegitimate person authorized to access 
the UiM 12 

[0051] Then, the program encrypted by she UIM pubic 
Key is 'unher encrypted by the contents server 1 9 using 
the distribution management server public key received 
from the authentication server 18 in advance. The pro- 
gram obtained by this encryption can be considered a 
program having attached thereto both a certificate 
showing a legitimate person authorized to access she 
UIM 12 and a certificate showing a legitimate person au- 
thorized to distribute a program through the distribution 
management server 16. 

p .4.5] Program distribution 

[0052] The contents server 1 9 distributes the program 
obtained by the aforementioned two encryption ses- 
sions, to the distribution '"-.nayonierii seiver 1 6 throuoh 
the network (step S15). 

[0053] The distribution management server 16 de- 
crypts the encrypted program distributed from the con- 
tents server 19, using tho distribution management 
server private key. Once this decryption succeeds, the 
program encrypted only by the UIM public key can se 
obtained, in this case, the contents server 19 can ce 
considered a iegitimate person authorized to distribute 
a program addressed to the UIM 12. The distribution 
management server 1 6 transmits the data on the screen 
02 shown in Fig. 7 to the mobile terminal 11, and causes 
the data to be displayed on the display section 21 . This 
screen D2 is for making an inquiry at the user as to 
whether the program can be distributed or not. 

(1 .4.6] Writing in UIM 

[0054] After the user confirms the screen 02 and per- 
forms the operation through the operating section 22 for 
permitting the program distribution, a notice to permit 
distribution is sent to the distribution management serv - 
er 1 6. The distribution management server 1 6, upon re- 
ceipt of the notice, distributes to the UiM 12 the program 
obtained by decryption, i.e. the program encrypted by 
the U:M public Key (step S16). 
[0055] This encrypted program is delivered as it is to 
the control unit 30 of the UIM 12 through the mobile ter- 
minal 11 . Specifically, the mobile terminal "-1 simply pro- 
vides the UIM 12 with the communication function. This 
operation by the mobile terminal 11 guarantees the se- 
cure transmission to and the secure write operation into 
the UiM 12. 

[0056] If the distribution management server 16 is -o 
send a program to the UIM 12 in the aforementioned 
manner, it is necessary forth© distribution management 
server 16 to establish a link with the UiM 12 This in rum 
requires the acquisition o! the telephone number of the 
mobile terminal 11 with the UIM 12 connected thereto 
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or built therein. 

[0057} In one conceivable method to achieve this, at 
the lime of issuing a distribution request frcm the mobile 
terminal 11 to the contents server 19. the telephone 
number of the mobile terminal 1 1 is caused to be trans- 
mitted to the contents server 1 9 which sends this tele- 
phone number to tre distribution management server 
16. In this way, ths distribution management server 16 
can access the mode terminal 11 using the telephone 
number sent to it, and thus can distribute the program 
addressee to the U:M IS. 

[0058] Another available method is described below. 
Specifically, in advance of issuing a distribution request 
from the mobile terminal 11 to the contents server 19, 
an identifier is determined between the mobile terminal 
1i and the distribution management server 1 6 in place 
of the telephone number of the mobile terminal it sc 
that the distribution management server 16 stores the 
telephone number and Ihe identifier as information cor- 
responding to eac?- other. The mobile terminal 11 sends 
a distribution request containing the identifier to the con- 
tents server 1 9, which in turn attaches the identifier to a 
program when sending the program to the distribution 
management server 16. The distribution management 
server 16 determines the telephone number of the mo- 
bile terminal 1 1 from, the identifier, and based on this tel- 
ephone number, calls the mobile terminal 11 and distrib- 
utes the program addressed to the UIM 12. This melhod 
has the advantage that the need is eliminated o? notify- 
ing the telephone number of the mobile terminal 11 to 
the contents server 19. 

[0059] The control unit 30 of the UIM 1 2. upon receipt 
of a program encrypted by the UIM public key in the 
manner described above, decrypts the program using a 
UIM private key paired with the particular UIM public 
key Once this decryption ends in success, a program 
is obtained in tne form of an ordinary text not encrypted. 
In this case, the contents server 19 making up the origin 
is considered a psrson duly authorized to distribute a 
program to the UIM 12. The UIM 12 writes the program 
obtained by decryption, in the appropriate one of the ba- 
sic blocks 40-1 to 40-6 of the memory. 
[0060] Dunr.g this write operation, the screen D3 
shown in Fig. 7 is displayed by the mobile terminal 11 . 

[1 4 7) Write completion response 

[0061] At ths end of the program write operation, the 
control unit 30 of the U iM 1 2 transmits a write completion 
notice to the distribution management server 1 6 togeth- 
er with the information specifying the basic block having 
the particular program written therein (step S17). 
[0062) in the process, the screen D4 indicatirtg that 
the write operation is complete (the registration is over) 
is displayed, as shown in Fig. 7. on the display section 
21 of the mobile terminal 11 After that, the screen is 
again turned to D1 by the user operation. 



fl.4.8] Distribution completion notice 

[0063] The distribution management server, upon re- 
ceipt o? a program write completion notice from the UIM 

s 12, registers the information specifying the written pro- 
gram in a data base as information corresponding to the 
information indicating the basic block of the UIM 12 in 
which the particular program is written. 
[0064] 3y accessing to the data base, the distribution 

10 management server 18 can easily grasp the program 
stored in each of all the basic blocks 40-1 to 40-6 of ihe 
UIM 12. 

[0065] The distribution management server 16, upon 
distribution of a program into the UIM 12. starts ihe 

is chargeprocess against thecodonts provider of the con- 
tents server 19 from which the program is distributed. 
The timing of starting the charge process is not limited 
to this, but may be coincident with the timing of activsHon 
described later. 

no [0066] Thecorttents provider arecharged against the 
following items. 

(a) Rental charge for basic blocks in UIM 12 

25 [0067] Upon distribution of a program from the con- 
tents server 19 to the UIM 1 2, the particular program is 
stored in one of the basic blocks 40-1 to 40-6 in the UIM 
12. The particular basic block can be considered to be 
rented to the contents provider owning the contents 

30 server 1 9 for storing the program. Thus, a charge cor- 
responding to the rental period, i.e. the period during 
which the program is stored in the basic block is made 
against the contents provider as a rentai charge. 

35 (b) Transaction fee 

[0068] The program transmitted from the contents 
server 19 is distributed to the UIM 1 2 through the proc- 
ess in the distribution management server 16. A consid- 
40 eration for the process performed by the distribution 
management server 1 6 is charged against the contents 
provider as a transaction fee. 

[0069] The user of the UIM 1 2 receives the service in 
terms of the distribution ot a program from the contents 

<ts server 19, and therefore is required to pay the charge 
in consideration of the service. The distribution manage- 
ment server 16 may collect the service charge from the 
user on behalf of tne contents provider together wif: the 
communication charge forthe user, and delivers ths col- 

50 lected service charge to the contents provider irs the 
character of what might be called a "factor". In this case, 
the charge made against the contents provider may con- 
tain the factoring fee. 

[0C70] Upon complete program distribution, the eilstri- 
55 butlon management server 16 notifies the contents 
server 19 (step Si 8) 
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[1 4. 91 Activation 

[0071] The program distributed lo the JIM 12 and 
stored in the basic block cannot be executed by the user 
before activation. 

[0072] The user only receives the distribution but is 
not permitted to execute the program distributedtc him, 
in order to enable the contents provider to control the 
program execution start time. 
[0073] The activation is effectively utilized, for exam- 
ple, in the case where 'no time t*> »ta-t the i;se of 9 now:y 
marketed game program is determined. By use o) the 
activation, the release date (program distribution date) 
and the date to start to use (activation, date) can be set 
separately from each other, thereby making it possible 
to reduce the load on the contenis server * 9. 
[00741 Another example is a case in which the pro- 
gram for using the mobile terminal 1- as a commutation 
cvtss is dis;- fcutoc =c :hv' c-'-te *?.. 'i <«sc. the acti- 
vation is utilized to make the program executable from 
the first date of the term of validity of the commutation 
pass. 

[0075] The operation for activation will be explained 
below with reference to Fig. 8. 

t1 .4.9.1] Activation request to distribution management 
server 

[0076] Whenever the activation becomes necessary 
for a given program, the contents server 19 sends an 
activation request to the distribution management serv- 
er 16 (step S21). This activation request contains the 
information specifying a program to be activated. Also, 
in the case where only the program stored in the UIM 
12 of a specific Liser is activated, the activation request 
contains the identifier (the telephone number of the mo- 
bile terminal 1 1 or an alternative identifier) of the partic- 
ular user 

[1 .4.9.2] Activation request to UtM 

[0077] The distribution management server 1 6, upon 
receipt of an activation request, issues an activation re- 
quest to the UIM 12 of the mobile terminal 11 (step S22) 
As already described, the Information specifying the 
written program is registered in the data base of the dis- 
tribution management server 16 as information corre- 
sponding to the information indicating the basic block of 
the UIM 12 in which the program is written. The distri- 
bution management server 16, upon receipt of the acti- 
vation request refers to the particular data base and de- 
termines the UIM 1 2 to which the program to bo activat- 
ed is distributed and the basic block in which the pro- 
gram is written. In the case where the same program 
stored In a plurality of UIMs 12 is activated, as many 
activation processes as the UIMs 12 are performed. 
Each mobile terminal 11 in which the corresponding UIM 
12 is mounted or auilt is accessed, and an activation 



request is sen! to the UIM 12. The activation request 
sentto each mobile terminal 11 contains the information 
specifying the basic block having stored therein the pro- 
gram to be activated. 

5 [0078] This aclivation request, when received by the 
mobile terminal 11 , is directly sent to the UIM 12. The 
control unit 30 of the UIM 1 2 executes the activation m 
accordance with the activation request. Specifically, the 
UIM 12 sets the activation flag from '0" to "1" for the 

10 basic block specified by the activation request The con- 
trol unit 30 of the UIM 12 responds to a request, if any, 
to execute the program stored in the basic biock with 
the activation flag turned "1" A request, if any, to exe- 
cute the program in the basic block with the activation 

ts flag "0". however, is rejected. 

[1 .4.9.3] Activation end response 

[0079] The UIM 12, upon complete program activa- 
te tiers, transmits an activation end notice to the distribution 
management server 1 6 (step S23) This notice contains 
the information specifying the program of which the ac- 
tivation is ended, or more specifically, the information 
specifying the basic btock storing the particular pro- 
2$ gram 

[1 .4.9.4] Activation completion notice 

[0080] The distribution management server 16, upon 

30 receipt 0? the aclivation completion notice from the UIM 
12, determines the basic block of the UIM 12 in which 
the completely activated program is stored. The infor- 
mation to the effect that the activation is completed is 
registered in the storage area in the data base prepared 

35 for the particular basic block. 

[0081] As the result of this registration, the distribution 
management sever 16 can grasp, by accessing the da- 
la base, whether each program in the basic blocks 40-1 
Ic 40-6 is activated or net for a=l the UIMs 12. 

■io [0082] Upon registration of activation completion for 
a!! the UIMs to which the program of which the activation 
is requested are distributed, the distribution manage- 
ment server 16 notifies the contents server 1 9 that the 
program activation Is complete (step S24). This notice 

*s contains the information specifying the program thst has 
been activated. 

[1.4.1C] Deactivation 

so [0083] The program distributed to the UIM 12 and ac- 
tivated may require deactivation. This requirement oc- 
curs, for example, in a case where a program for the 
mobile terminal 1 1 to function as a credit card is stored 
In the UIM 12, and the user has lost the particular UIM 

55 12, in such a case, the deactivation is started m re- 
sponse to the request from the user informed of the loss. 
Other examples include a case in which the user that 
has received a service has failed to pay the service 
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charge before Ihe due dale. In such a case, at the re- 
quest of -he contents provider providing such a service, 
the deactivation of the program for receiving the partic- 
ular service can be started. 

[0084] The deactivation process wiil be explained be- 5 
lew with reference to Fig. 9. 

[1 .4.10.1.1 Deactivation request to distribution 
management sen/er 

[0085] The contents server 1 9 : whenever required to 
deactivate a program distributed to a Uifvl 12, sends a 
deactivation request to the distribution management 
server 16 specifying the particular Uifvl 12 and the pro- 
gram to be deactivated (step S31 } is 



[1.4.10.2] Deactivation request to C 



[0086] The distribution management server 1 6, upon 
receipt of this deactivation request : accesses the data 20 
base and determines that basic block in the UIM 12 
specified by the deactivation request which stores the 
program to be deactivated. Ther, the distribution man- 
agement server 16 sends a deactivation request to the 
mobile terminal 11 in which the particular UIM 12 is 2$ 
mounted or built (step SS2). This deactivation request 
contains the information specifying the basic biock stor- 
ing the program to be deactivated. 
|O0S?i Tii® derivation request is sent to the UIM 12. 
through the mobile terminal 1 1 . The activation flag pre- 30 
pared for the basic block specified by the deactivation 
request is reset from 'T to : 'C" by the UIM 12. After that, 
the execution of the program in this particular basic 
block is prohibited. 

35 

[1.4.10.3] Deactivation end response 

[0088] The Uifvl 12, upon termination of the program 
deactivation, notifies the distribution management serv- 
er 16 (step S33). This notice contains the information *o 
specifying the program which has been deactivated, or 
specifically, the infotmaticn specifying the basic biock 
storing the program. 

[1 4.10.4] Deactivation completion notice 45 

[0089] The distribution management server 16, upon 
receipt of a program deactivation end notice from the 
WM 12, determines, cased cn the notice, the basic 
block of the UliVS 12 storing the program of which the so 
deactivation has been completed The information to the 
effect that the deactivation is complete is registered in 
the storage area of the data base prepared for the par- 
ticular basic block. 

[0090] Upon registration of completion of the deacti- 55 
vation. the distribution management server 16 notifies 
the contents server IS of the completion of the deacti- 
vation (step S34). 



[1 .4.11] Deletion (only when desired by user) 

[0091] A deactivated program wastefuily occupies a 
memory area in the UIM 12. ft is desirable for both ine 
user and the contents provider to deiete such an unnec- 
essary program, The deletion of the program, however, 
cannot be left to the user, if the user arbitrarily deletes 
the program in ihe UIM 12, the rent charging process 
for the UIM would continue to proceed in spite cf the 
program deletion, unless the fact of deletion is notified 
to the distribution management server 16 immediately. 
[0092] According to this embodiment, therefore, 
whenever the user desires to delete a program, the pro- 
gram is deleted underthecontrolof the distribution man- 
agement server 16. 

[0093] A deletion, based on a reason on the side of 
the contents provider, is basically not permitted due to 
the resulting complication of the charging process. 
[0094] The operation of deleting a program in re- 
sponses the desire of the use- will be explained below 
with reference to Figs. 10 and 15 

[1,4.11.1] Program deletion request 

[0095] The user accesses a predetermined home 
page of the contents provider py operating the operating 
section 22 of the mobile terminal 11 A distribution men.; 
screen D11 shown in Fig 15 is displayed on the display 
screen of the display section 21 of the mobile terminal 
11 . This distribution menu screen D1 1 is provided by the 
contents server 19 of the contents provider distributing 
the program. When the user selects a menu item mean- 
ing the deletion of a program, a screen D1 2 asking the 
user whether the deletion can becarried out is displayed 
on the display section 21 of the mobile terminal 11 ' as 
shown m Fig. 15. 

[0096] The user performs the operation permitting the 
deletion The mobile terminal 11 transmits a program 
(applet) deletion request to the contents server 19 
through the network (step S41) This request contains 
the information specifying the program to be deleted. 
[0057] With the transmission of a program deletion re- 
quest, a screen 013 indicating that the deletion is gcing 
on, is displayed as shown in Fig. 15 on the display sec- 
tion 21 of the mobile terminal 11 . 

[1 .4.11 .2] Deactivation request to distribution 
management server 

[0098] The contents server 1 9, upon receipt of a pro- 
gram deletion request, sends a deactivation request to 
the distribution management server 1 6 (step S42) This 
deactivation -aques: certains the nfemnation specifying 
the mobile terminal 11 of the user requesting the pro- 
gram deletion and the information specifying the pro- 
gram to be deleted 



17 



EP 1 248188 At 



18 



[1 4 11 .3] Deactivation requesl to UIM 

[0099] The distribution management server 16. upon 
receipt of a deactivation request, accesses the data- 
base and determines a basic Diock storing the p-ogram 
to be deleted. Then, ■ Redistribution management server 
1 6 sends a deactivation request containing the informa- 
tion specifying the particular basic block to the mobile 
terminal 11 oHhe user requesting the program deletion 
(step S43). 

[0100] This deactivation request is sent to the UIM 12 
though the mobile terminal 11. The UIM 12resets, from 
"i" to "C the activation flag prepared for the basic block 
specified bv the deactivation request. After that, the ex- 
ecution of the program in the particular basic block Is 
prohibited. 



(1 .4.11 A\ Deactivation end response 

[0101] The UiM 1 2, at the end of the program deacti- 
vation, transmits a Deactivation end notice to the distri- 
bution management server 16 (step S44). This notice 
contains the information specifying the basic block stor- 
ing the program deactivated. 

[1 .4.11 .5] Deactivation end -notice 

[0102] Tne distribution management server 16, upon 
receipt of the program deactivation end notice from the 
UIM 12, registers ths information to the effect that the 
deactivation is complete, in the area of the data base 
correspondingto ths basic block of the UIM 12 specified 
by the deactivation end notice. 
[0103] The distribution management server 1 6 sends 
a program deactivation end notice to thecontents server 
19 (step S45). 

|1 4.11 .6] Deletion request to distribution management 

[01 04] The contents server 1 9 . upon receipt of the de- 
activation end notice for the program to be deleted, from 
the distribution management server 16. requests the 
distribution management server 1 6 to delete the partic- 
ular program (step S51). 

[1 4.11 .7] Deletion requesl to UIM 

[0105] The distribution management server 16, upon 
receipt or tne program deletion request, sends a pro- 
gram deletion request to the UIM 12 of the user who 
requests the program deletion (step S52). This program 
deletion request contains the information specifying the 
basic block storing the program to be deleted. 
£0106] The program deletion request is sent to the 
UIM 12 through tne mooile terminal 11 The UIM 12 de- 
letes the program in the basic block specified by the pro- 
gram deletion request. 



[1 4.11 .8] Deletion end response 

[01071 The UIM 1 2. at the end of the program deletion , 
transmits a deletion end notice indicating the program 

5 deletion to the distribution management server 1 6 (step 
S53). This deletion end notice contains the information 
specifying the basic block from which the program is de- 
leted and the program deleted. At the same time, a 
screen D14 indicating the end of deletion is displayed, 

10 as shown in Fid, 15, on the display section 21 of the 
mobile terminal 11. 

(1 .4.11 .91 Deletion completion notice 

is [0108J The distribution management server 16, upon 
receipt of the deletion end notice from the UIM 12, reg- 
isters the information to the effect that the program has 
been deleted in the storage area in the data base cor- 
responding to ihe combination of the user requesting the 
so deletion and the program deleted. 

[0109] Then, the distribution management server 16 
sends to the contents server the notice that the program 
deletion is complete (step S54). 
[01 10] !n the case where the charge process against 
35 the contents provider has been made for the program 
deleted, the distribution management server ceases to 
charge the contents provider thereafter. 

[1 .4 12] Deletion (only when desired by distribution 
30 management server) 

[0111] According to this embodiment, a program may 
be deleted by other than the intention of the user. Art 
example is the expiry of a predetermined term during 
35 which a program car, be used. 

[0112] The operation for deleting a program under the 
guidance of the distribution management server in such 
a case will be described beiow with reference to Fig. 11 

40 [1 .4.12.1 1 Deactivation request to UIM 

[0113] If the usabie term of aprogram has expired and 
the program is required to be deleted, the distribution 
management server 16, by accessing the data base, de- 
45 terrenes ali the UIMs 12 to which tre program to be de- 
leted has been distributed and the basic cIocks storing 
the program to be deleted in each of the UIMs 12, and 
sends a deactivation request to each of the UIMs 12 
(step S61). Each deactivation request contains the in- 
so formation specifying She basic biock storing the program 
to be deleted 

[0114] The deactivation request is sent to each UiM 
12 through the mobiie terminal 11. The LMM 12 resets, 
from "1" to "0", the activation flag corresponding to the 
55 basic block specified by the deactivation request. After 
that., the execution of the program in the particular basic 
biock is prohibited. 
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[1 .4.12 2) Deaet va; : o r s*a response 

[0115] At the end of the deactivation, the UIM 12 
transmits a deactivation end notice to the distribution 
management server 15 (step S62). 

[1 4.12.3] Deactivation compietion notice 

[0116] The distribution management server 16. upon 
receipt of the deactivation end notice from the party to 
wh=ch the program to be deleted has been districted 
registers the information indicating the completion of the 
deactivation in the storage area of the data base formed 
for the particular program. 

(01171 (he distribution manaqomcr-! server 1f. sonus 
a program deactivation completion notice to the con- 
tents server 19 (step S63). 

[i 4.12 4] Notification o! deactivation completion notice 
recent to distribution management server 

[0118] The contents server 16, upon receipt of the de- 
activation completion notice from trie distribution man- 
agement server 1 6, sends a deactivation receipt notice 
to the distribution management server 16 (step S64). 

(1 .4.12.5] Deletion request to UIM 

[0119] Th e sistributidri management server 1 6 , upon 
receipt of the deactivation receipt notice, sends a pro- 
gram deletion request to the mobile tormina! 11 that has 
transmitted the deactivation completion notice corre- 
sponding to the deactivation receipt notice (step S71 ). 
The deletion request sent to the mobile terminal 11 con- 
tains the information specifying the basic block storing 
the program to be deleted. 

[0120] The UIM 12, upon receipt of the deletion re* 
quest through the mobile terminal 11, deletes the pro* 
gram in the basse block specified by the request. 

[1 .4.12.6] Deietion end response 

[0121] The UIM 12, at the end of the program deletion, 
transmits a deletion end notice to the distribution man- 
agement server 16 ;step S72). This notice contains the 
information specifying the basic block from which the 
program has been deleted 



(step S73) 

[0124} At the same lime, the distribution management 
server ceases the charging process which may have 
hitherto been made against the contents provider for the 
5 deleted program, 

[1.4.12.8] Deletion result receipt notice to distribution 
management server 

»0 [0125] The contents server 19, upon receipt of the ae- 
io: c - cor-;: otion cictico fo": :fo disf bjfon manage- 
ment server 16, sends a deletion result receipt notice to 
the distribution management server 16 (step S74) 

'5 ji .4.13] Program distribution process for UIM version 
management 

[0126] The contents server 1 9 may be requiredto dis- 
tribute a progiam voluntarily regardless of the desire on 

2t > the part of the user. An upgrade of the program that has 
been distributed is a case in point. 
[01 27] in such a case, the distribution of the program 
of a new version to the UIMs 12 of all the users to which 
the particular program has been distributed gives rise to 

S5 an inconvenience, This is by reason of the fact that the 
mobile terminals 11 are of various models, and the UIM 
specifications have various versions. It may happen, 
therefore, that a program of a new version, if sent to all 
the UIMs. can be executed normaily oniy by the UiMs 

30 having a version issued at a certain time point or there- 
after. 

[0128] According to this embodiment, at each time of 
an upgrade of a program, a version notice request is 
sent to the UIMs and basod on the response to the re- 

35 quest, it is determined whether the program is to be dis- 
tributed or not to a given UiM. This operation is shewn 
in Fig. 12. Some of the UiMs 12 support the function of 
notifying the version thereo! in response to the version 
notice request, and others do not. Fig. 12 shows the op- 

4 o eration performed in the case where a version notice 
request has been sent to a UIM supporting such a func- 
tion and the operation performed In the case where a 
version notice request has been sent to a UIM not sup- 
porting the (unction. 

45 

[i .4.13.1 j Operation for UIM supporting version notice 
function 



[1 .4.12.7] Deletion completion notice 

[0122] The distribution management server 16, upon 
receipt of the deletion end notice from ail the parties to 
which the program to be deleted has been distributed, 
registers the information to trie effect that the program 
has been deleted, In the storage area of the data base 
formed for the particular program to be deleted. 
[0123] The distribution management server 16 sends 
a deletion compietion notice :o the contents serve' 19 



[1.4.13.1.1] Program distribution request to distribution 
management server 

[0129] Priorto distribution of a program after upgrade 
the contents server 1 9 sends to the distribution manage 
ment server 16 a program distribution request contain 
ing the information specifying the program and the ver 
sion information indicating the version of the UIM 12 tha 
can execute the particular program (step S81 ) 
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11.4.13.1.2] Version notice request to UiM 

[D130] The distribution management server 16, upon 
receipt of the program distribution request, accesses the 
data base, determines all the mebile terminals 11 to 5 
which the program specified by the program distribution 
request has been distributed, and sends a version no- 
tice request to the mobile terminals 11 thus determined 
(step S82) 

to 

[1 4.13.1 .3) Version notice 

[0131] The version notice request is sent to each UIM 
12 thrc =igh the mobile terminal 11. The UIM 12, upon 
receipt cf the version notice request, notifies the version '5 
thereof to the distribution management server 16 (step 
S83). 

M .4,13.1 .4) No program distribution notice 

so 

|0132] The distribution management server 16 re- 
ceives a version notice from each UiM 12. In the case 
where the version notice received from a given UIM 12 
faiis to meet the conditions indicated by the version in- 
formation from the contents server 19, the contents & 
server 19 is notified that the program cannot be distrib- 
uted to the particular UIM 12 (step S84). 
[01 33] in the case where the version notice received 
from another given UiM 12 meets the conditions indicat- 
ed by the version information from (he contents server 30 
19, on the other hand, the distribution management 
server 1 6 distributes the program to ths particular UIM 
12. This operation is described above with reference to 
Figs. 6 and 8, 

35 

(1 4.13.2) Operation for UIM not supporting version 
notice function 

[1 4.13.2.1] Program distribution recuest to distribution 
management server 40 

[01 34) The contents server 1 9 sends a program dis- 
tribution request to the distribution management server 
16 in the same manner as described above (step S91), 

45 

>1 4.13.2.2! Version notice request to UIM 

[0135) The distribution management server 1 6 sends 
aversion notice request to the UIM 12 of the mobile ter- 
minal 1 1 (step S92) 50 

[1 4.13.2.3) Timer count 

[0136] In this case, the UIM 1 2 does not support the 
version notice function, and therefore makes no re- 55 
sponse. 

[0137] Thus, the distribution management server 16 
monitors the timer, and upon expiry of a predetermined 



time-out period (step S93), sends a version notice re- 
quest again to the UIM 12 of the mobile terminal 11 (step 
S94). Then, the vaiue on the retry counter is increment- 
ed by one. 

[0138) In a similar fashion, the distribution manage- 
ment server 16 monitors the timer, and upon expiry of a 
predetermined time-out period (step S95;, sends a ver- 
sion notice request again to the UIM 12 of the mobile 
terminal 1 1 (step S96). Then , the value of the retry coun- 
ter is incremented by one 

[1.4.13.2.41 No program distribution notice 

[0139] Once again, the distribution management 
server 16 monitors the timer, and upon expiry of a pre- 
determined time-out period (step S97) sends a version 
notice request again to the Ul M 1 2 of the mobile terminal 
11 (step S96). Then, the value on the retry counter is 
incremented by one. 

[0140] In the case wnere the figure on the retry coun- 
ter reaches a predetermined value (3 in this case), the 
distribution management server 1 6 determines that the 
version of the UIM 12 fails to meet the conditions for the 
version notified from the contents server 1 9, and sends 
a no-program distribution notice to the contents server 
19 (step S84) 

[0141] As a result, the contents server 19 confirms 
that the program of which distribution is desired, cannot 
be distributed. 

[1 ,4.14] Program distribution process based on UiM 
memory capacity limitation 

{0142] The limitation of the memory capacity of the 
UIM 12 may make the program distribution impossible 
even if desired by the contents server 19. An example 
of the operation performed in such a case is shown in 
Fig. 13. This operation will be explained below. 

[1 .4.14.1 j Rejection by distribution management server 

[0143] The contents server 1 9 requests the distribu- 
tion management server 1 6, by attaching tne program 
to be distributed, to send a program distribution request 
totheUIM12(stepS101). 

[0144] The information indicating the memory state of 
each UIM is registered in the database of the distribution 
management server 18. The distribution management 
server 16, upon receipt of the program distribution re- 
quest to a given UIM 12, accesses the data base, and 
determines whether the basic block tor the particusar 
UIM 12 is available for storage, or if available, is too 
small in capacity to store the program {the capacity may 
vary from one version to another of UIM) or whether 
there is any other stumbling block to the program distri- 
bution. 

[0145] In the case wnere the program cannot be dis- 
tributed, the distribution management server 16 sends 
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a notice to the contents server 1 9 that the program can- 
not be distributed due to the shortage of the memory 
capacity (step S102) 

[0146] As a result, the contents server 19 confirms 
that the program for which distribution is desired, cannot 
r;e distributed. 

(1 .4.14.2) Rejection by UIM 

[0147] The memory capacity and the current occu- 
pancy state of each UIM 12 are registered in the data- 
base of the distribution management server 16. For 
some reason or other, however the actual UIM memory 
state may differ from the memory state registered in the 
database of the distribution management server 1 6. The 
operation performed in such a case is described beiow. 
[01 48] First, the contents server 1 9 sends a p-ogram 
distribution request together with a program to the dis- 
tribution management server 16 {step S111). 
[Q148] The distribution management server 16 ac- 
cesses the data bass and determines whether the basic 
block of the destination UIM 12 is available for storage 
and hss a sufficient capacity. 

[0150] In the case where the determination is YES, 
the distribution management server 1 6 sends a write re- 
quest together with the program to the UIM 12 (step 
S112). 

[0151J The UiM tSthat has received the write request 
determines whether the program attached to the write 
request can be stored in any one of the basic blocks or 
not. in the case where the determination is NO the UIM 
12 sends a no-program distribution notice to the distri- 
bution management server 16 due to lack cf memory 
capacity (step S113), 

[01 52} The distribution management server 16. upon 
receipt of the no-program distribution notice due to iack 
of memory capacity, sends it to the contents server 19 
(stepS114) 

[0153] From this notice, the contents server 19 can 
confirm that the program cannot be distributed to the 
UIM to which the distribution is desired 
[01 54] It may aisc happen that a program cannot be 
stored in a basic block due to a write error in the memory 
of the UIM 12 or the malfunction of the memory device, 
in such a case exactly tne same operation as described 
above is performed. Fig. 14 shows such an operation, 
in Fig. 14, steps SI 21 to S124 correspond to steps ST11 
to Si 14 in Fig 13 and represent exactly The same op- 
eration, respectively. 

[1.4.15] Specific example of operation 

[0155] Now. a specific example of the operation ac- 
cording to this embodiment wiil be explained. 

[1.4.15.1] Execution of program stored in UIM 

[0156] In this example of an operation, assume that a 



program called " O O RAILWAY" is stored in the basic 
block 40-1 of the UIM 12 

(0157] The user operates the operating section 22 of 
the mobile terminal 11 and thus accesses the home 

s page of the contents provider that has distributed tne 
"OO RAILWAY" program. A distribution menu screen 
D21 as shown in Fig. 16 is displayed on the dispiay 
screen of the display section 21 This distribution menu 
screen D21 is provided by the contents server 19 of th.j 

10 contents provider The user performs the operalion for 
selecting an item concerning the purchase of a commu- 
tation pass from the menu displayed on the distribution 
menu screen D21 . A purchase request for ihe commu- 
tation pass is transmitted from the mobile terminal 1 1 to 

'5 the contents server i 9 through the network. 

[0158] As a result, a download screen D22 is sent 
from the contents server 19 to the mobiie terminal 11 
and displayed on tne dispiay section 21 . Tne download 
screen D22 contains a menu of several value data hav- 

20 ing the same monetary value as the commutation pass, 
[0150] Once the user selects the desired value data, 
the information requesting the selected value data is 
sent to the contents server 1 9 from the mobile terminal 
11. 

2$ [0160] After thai, the contents server 1 9 sends to the 
mobiie terminal 11 the screen data for selecting a meth- 
od of account settlement. As a result, a screen D23 is 
displayed by she mobiie terminal 11 The user selects 
"SELECT FROM UiM MENU" from the menu items in 

so the screen D23, and thus can settle the account by use 
of the program in the UiM 1 2 Specifically, once this se- 
lect operation is performed, the UIM 12 is notified of the 
fact. Upon receipt of this notice, the control unit of the 
UIM 12 returns to the mobile terminal 11 the list of the 

35 programs stored in the basic biocks 40-1 to 40-6, The 
screen D24 containing this lis; is displayed on the dis- 
play section 21 of the mobile terminal 1 1 . The user se- 
lects a settlement program from the list The selected 
program is executed by the UIM 12 thereby to settle the 

40 account. 

[0161] Assume that the account is settled by execut- 
ing the program in the program area 41 of the basic 
block 40-2. The data area 42 of the same basic block 
40-2 is used for settling the account. 

45 [0162] The contents server 19, upon detection that 
the account has been settled, sends the value data of 
the commutation pass included in the commutation pass 
purchase request described above, to the mobile termi- 
nal 11 . This value data contains the information such as 

50 the names of the two stations involved, the validity te- m, 
the name of the user and the age of the user and are 
sent from the mobiio terminal 11 to the UIM 12 The val- 
ue data, which are to be used for the "OO RAILWAY'' 
program, are stored in the data area 42 of the basic 

$5 block 40-1 corresponding to the same data in the UIM 
12. 
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[i .4 15.2] Mai! order sale using network 

[0163] In this example 01 an operation, a program (or 
a mail order sale is stored m the basic block 40-2 of the 
DIM 12 

[0164) The user accesses the home page ot the con- 
tents provider by operating the operating section 22 of 
tiie mobile terminal 11. so that a distribution menu 
screen D31 shown sr Fig 17 is displayed on the display 
section 21 of the mobile terminal 11. This distribution 
menu screen D31 is provided by the contents server 19 
of the contents provider which in turn provides the masl 
order sale (what is called "e-commeroe") service utiliz- 
ing the network . The user selects the desired commodity 
(MATSUZAKA BEEF FOR SUKIYAKI, Y5000/KG. in 
Fig 1 7) from the commodities listed in the distribution 
menu screen D31. Then, a purchase request is trans- 
mitted from the mobile terminal 11 to the contents server 
19 through the network 

[01651 The contents server 1 9 that has received the 
purchase request returns a settlement method screen 
032 to the mobils? terminal 11 As a result a select 
screen D32 is displayed on the display section 21 
[0166] From the settlement methods listed in the se- 
lect screen 032, the user is assumed to have selected 
"XX BAfvK". The settlement program for XX Bank stored 
in the basic block 40-3 of the UIM 12 is started by the 
control unit 30 of the UIM 12 and a settlement screen 
D34is displayed. 

[01G7] The user inputs the personal identification (ID) 
number as settlement information. The mobile terminal 
11 tries to connect the settlement server lor XX Bank 
through a communication unit 34 and the network, so 
that the screen D35 being accessed is displayed. 
(0168] Upon complete authentication, a purchase 
amount confirmation screen D36 is displayed. 
[016S] The user confirms the amount to be paid and 
inputs the confirmation. The mobile terminal n displays 
a payment confirmation screen D3? of the contents pro- 
vider, i.e. the mail o^der house together with the delivery 
date, etc 

[i 415.3| Use of commutation pass {check gate 
passage, manual start; 

[0170] According to this embodiment, the mobile ter- 
minal 11 can be used as a commutation pass by storing 
an appropriate program in the UIM 12. An example of 
operation will be explained below. 
[0171] First, the user depresses a button 23. A UIM 
menu screen D4i shown in Fig. 18 is displayed on the 
display section 21 . The user selects "GO RAILWAY" for 
which the commutation pass is used. As a result, the 
control unit 30 of the UIM 12 executes the OO RAILWAY 
program in the basic biock 40-1 , so that a menu screen 
D42 is displayed on the display section 21 
[0172] When the screen D42 is displayed the user se- 
lects "4 SET APPLICATION AUTO. START". An auto- 



matic start set confirm screen D43 is displayed thereby 
prompting the user to select. 

[0173] In the case where the user selects "YES", the 
automatic start is set. In the case where the jser seise- 
5 tion is "NO", on the other hand, the automatic siart is not 
set. 

[0174] The gate of the railway company is equipped 
with a ticket check reader/writer. Before passing through 
the gate, the user performs tne following operation, 
to [0175] First, the user depresses the U button 23. : he 
UiM menu screen D41 shown in rig 19 is displayed on 
the display section 21 . The user then selects " CO RAIL - 
WAY" for which the pass is used. As a result, the control 
unit 30 of the UIM 12 executes the CO RAILWAY pro- 
fs gram in the basic block 40-1 , and displays the menu 
screen D42 on the display sect ion 21 . The user selects 
" 1 . PASS", The pass program constituting a part of the 
OO RAILWAY program is started by the control unit 30. 
In accordance with this pass program, the control unit 
so 30 begins communication with the ticket reader/writer 
for pass check. In the case where this communication 
is carried out by the common key cryptosystom, for ex- 
ample, the pass check process is performed following 
the steps described below. 

25 

(1) Each party checks the other party 

(2) The ticket check reader/writer requests the mo- 
bile terminal 11 to transmit information on the com- 
mutation pass. 

30 (3) The mobile terminal 11 encrypts the pass infor- 
mation by the common key and transmits it to the 
ticket check reader/writer. The pass information dis- 
play screen D53 is displayed on the display section 
of the mobile terminal 11 
35 (4) The ticket check reader/writer decrypts the re- 
ceived commutation pass information, and, in the 
case where the user is found to be legitimate, the 
gale is opened to allow him in. 

40 [0176] At the same time, a message screen D54 for 
expressing gratitude to the user is displayed on the dis- 
play section 21 . 

[0177] The foregoing description deals with the com- 
mutation pass, in the case where the mobile terminal 11 
45 is used to function as a private card, however the data 
area 42 is updated to indicate the value data corre- 
sponding to the amount aller subtracting the actual 
charge in the process of (4) above 

50 [i .4.15.4] Use of commutation pass (gate passage: 
auto, start) 

[0178] When the screen D43 shown in Fig. 1 8 is dis- 
played, the user can select "YES" and the automatic 
55 start is set. The following operation is performed. Spe- 
cifically, when the mobile terminal 1 1 set to the automat- 
ic slart mode approaches the gate of the station, a pok- 
ing signal transmitted from the ticket check reader/writer 
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; s >-ece!vecf oy "re noble terminal 11. As a result, the 
pass program constituting a part of the CO RAILWAY 
program is automatically started by the control unit 30 
in she UIM 12. ane the pass check simiiarto the manual 
start is earned cut. 5 

I ■ .5j affect of firs! embodiment 

[01 79] As described above, according to this embod- 
iment, even in the case where ;ne storage area of the »o 
storage module is divided to store each program, the 
mobis:- terminal simply provides the communication 
■ unction to the UlM. and no extra burden is imposed on 
the mobile terminal Therefore, the inherent function of 
the mobile terminal is no! adversely affected >« 
[0180] Also, the program storage, the activation, the 
deactivation and the deletion are not carried out by the 
mobile terminal, but under the control of the distribution 
management server Thus, the user convenience is im- 
proved while at the same time maintaining security, so 

[2] Second embodiment 

[0181] According to the first embodiment described 
above, the program executed by the UlM 12 is stored in is 
the basic blocks 40-1 to 40-6 in the same UlM, In the 
second embodiment, however, ali the programs execut- 
ed are not necessaniy stored in the basic blocks. 

[2.1] Configuration of second embodiment 30 

[0182] Fig. 21 is a biock diagram showing a configu- 
ration of a program distribution system according lo a 
second embodiment of the invention. 
[0183] A UiM 12, contents servers 19-1 to 19-6 and 35 
19X and a distribution management server 16A are 
shown in Fig. 21 . The distribution management server 
1 6A corresponds to the distribution management server 
1 6 of the first embodiment plus the functions unique to 
this embodiment. The contents servers 1 9- 1 to 1 9-6 and *Q 
19X have similar functions to the contents server 19 of 
the first embodiment. The system according to this em- 
bodiment has an authentication server as in the first em- 
bodiment, not shown in Fig. 21. 

[0184] The UlM 12 according to this embodiment in- « 
eludes an application area 12C shown in Fig. 22 in place 
of the application a~?a 12B of the first embodiment. The 
program storage area 12C is divided into seven basic 
blocks 40-1 to 40-7 and one free bas.c block 40-1 . 
[0185] The basic clocks 40-1 to 40-7 and the free ba- so 
sicblock40-Fl each have a program area 41 andadata 
area 42. A program (application or applet) is stored in 
the program area 41, The data area 42, on the other 
hand, has stored therein the data used by the program 
stored in the program area 41 of the same basic block 55 
or the free basic block. 

[0186J In this case, the basic biocks 40-1 to 40-7 and 
the free basic block 40- F1 are independent of each oth- 



er, and basically, the program stored in the program area 
41 of a given block cannot access the data area 42 of 
other blocks This is also the case with the first embod- 
iment. The program stored in the program area 41 can- 
not be distributed or deleted without intermediary of the 
distribution management server 16A The data area 42 : 
however, can be directly operated through the distribu- 
tion management server 16A or a iocal terminal as in 
the case where electronic money ;s downloaded from 
the ATM, This point is also similar to the first embedi- 

[0187] According to this embodiment, the distributer! 
of the programs stored in the basic blocks 40-1 to 4C-7 
is controlled by the distribution managemeni server 
16A The program stored in the free basic block 40-F1 : 
however, ts controlled not by the distribution manage- 
ment server 16A but on ihe user's own responsibility. 
[0188} According to the first embodiment, the pro- 
g-am transmitted from the contents server 1 9, in accord- 
ance with trie distribution tequest from the mobile termi- 
nal 11, is sent to the U'-hA 12 by the distribution manage- 
ment server 16. The distribution management server 
16A according to this embodiment, on the other hand, 
accepts the program distribution request from the mo- 
bile terminal 11, and on acquiring the program by ac- 
cessing the contents server as required, distributes it to 
the UIM 12 of the mobile terminal 11, The distribution 
management server 16A according to this embodiment 
is similar to the distribution management server 16 of 
the first embodiment in that the program distribution 
from the contents server to the UIM 12 is relayed and 
managed. This operation, however, is not the only func- 
tion of the distribution management server 16A accord- 
ing to this embodiment. Specifically the distribution 
management server 1SA has means for storing a pro- 
gram orthe information indicating the location of the pro- 
gram for the benefit of the user of the UIM 1 2, and any 
of the programs stored in this means can be acquired 
by the user through the distribution management server 
16A In this sense, the distribution management server 
16A exhibits a function similar to a cache memory for 
Ihe UiM 12. 



In 



rder to 



the program distribute to 
the UiM 12 and exhibit the function like a cache memory, 
the distribution management server 16A includes a dis- 
tribution management unit 50. The distribution mt^c- 
menl unit 50 has a user information storage unit 51 ar;d 
a program information storage unit 52. 
[0190] The program information storage unit 52 has 
stored therein a program proper or a URL corresponding 
to the program that can be distributed to the UIM 12. 
The URL is the information indicating the address of a 
specific one of the contents servers 19-1 to 1 9-6 and the 
very contents server where a particular program is lo- 
cated. Which is to be stored in the program information 
storage unit 52 for a given program the URL information 
or the program proper, can be determined based on the 
storage capacity of the program information storage unit 
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52, or in the esse where the storage capacity is suffi- 
cient can be selected as desired by the contents pro- 
vider operating the distribution server. 
[0191] The chancs of storing a new program or the 
URL thereof in the program information storage unit 52 5 
is given, for example, in the case where the mobile ter- 
minal 11 of a given user sends a program distribution 
request, and a program or the URL (hereof meeting the 
particular distribution request is no) stored in the pro- 
gram information storage unit 52. In such a case, the to 
program information storage unit 52 accesses the con- 
tents server and acquires and stores the program de- 
sired by the user in compliance with the request from 
the mobile terminal 

[0192] The user information storage unit 51 includes '5 
n (n > 1 ) individual user information storage units 53-1 
to 53-n corresponding to n persons to which the system 
according to the invention, is applicable Each individual 
user information storage unit 53-k has a real distribution 
information storage unit 54 and a virtual distribution in- 
formation storage unl 55 

[0193] The real distribution information storage unit 

54 o? the individual user information storage unit 63-k 
has stored therein pointer dataccrrespondingto the pro- 
gram actually distributed to the UIM 12 of the user k. 2* 
The pointer data is for indicating a particular area in the 
program information storage unit 52 where the program 

or the URL thereof is stored Ths availability of the real 
distribution information storage unit 54 makes it possible 
for the distribution management server 1 6A to immedt- 30 
atsly redistribute any program, if erased, in the basic 
blocks 40-1 to 40-7 of the UIM 1 2. 
[0194] The virtual distribution information storage unit 

55 of the individual user information storage unit 53-k, 

on the other hand, stores the pointer data corresponding 35 
tc an available program, though not actually distributed 
to the UIM 12 of the user k, that can be immediately dis- 
tributed to the UIM 12 of the user k who is desirous of 
having such a program. The user of the U!M 1 2 can re- 
ceive the following services by use of the virtual distri- -to 
button information storage unit 55. 

(a) The pointer data of a program of which distribu- 
tion to the UlV 12 is desired is provisionally stored 
in the virtual distribution information storage unit 55. <** 
The user, whenever the distribution of the program 
with the pointer data thereof stored in the virtual dis- 
tribution information storage unit 55 is required, 
sends a request to the distribution management 
server 1 6A using the mobile terminal 11 . The distri- so 
bution management server 16A reads the pointer 
data of the requested program from the virtual dis- 
tribution information storage unit 55, and acquires 
and distributes the program specified by the partic- 
ular pointer data to the U!M 12. In this case, the SS 
pointer data of she program distributed to the UIM 
1 2 is moved from the virtual distribution information 
storage unit 55 to the real distribution information 



storage unit 54 

(b) The number of the basic blocks in the UIM 12 is 
limited. Therefore, it may happen that ail the basic 
blocks are occupied and no basic block is available 
for storing the program to be distributed, in such a 
case, the distribution management server 16A 
reads the pointer data from the storage area corre- 
sponding to a given basic biock 40-X in the U IM 1 2, 
from among the storage areas in the rea! distribu- 
tion information storage unit 54, and transfers it to 
the virtual distribution information storage unit 55. 
The program to be distributed is sent to the UiM 1 2 . 
where it is written in the basic block 40-X, and the 
pointer data of the program is written in the storage 
area corresponding to the basic biock 40-X in the 
real distribution information storage unit 64. This 
process makes it possible to acquire a program by 
a distribution request and store it in a basic block 
even in the case where the basic blocks are fuily 
occupied. In the process, with regard iothe program 
driven away from the basic block, a request may be 
given again, if required, to the distribution manage- 
ment server 16A and the process described in (a) 
above can be carried out. 

[01S5J Now, an explanation will be given of the func- 
tion of the distribution management server 16A corre- 
sponding to the free basic block 40-F1 . As already de- 
scribed, as for the free basic block 40-F1 , the distribution 
management server 16 does not manage the program 
distribution. The user, by operating the mobile terminal 
11 . can freely register or delete a program in the free 
basic block 40- F1 . 

[019S] The rea! distribution information storage unit 
54 of the individual user information storage unit 53 has 
a storage area corresponding to the basic block 4C-F1 
of ths UIM 12. in this area, however, no pointer data of 
a program is stored, but the data including the number 
of times a program is registered in or deleted from the 
basic block 40-F1 or the URL information thereof. In the 
case where nothing is stored in the free basic biock 
40-F1 , the data indicating the fact ("Nul!' : data, etc.) may 
be stored in this area. 

[0197] The program in the free basic block 40-F1 ot 
the UIM 12. should it be deleted, unlike the programs 
stored fn the basic blocks 40-1 to 40-7, remains as it is 
until registered again by the user himself. 
[0198] In the case where the user is desirous of 
changing the program in the free basic block 40-F1 tem- 
porarily to another program, on the other hand, such a 
change can be made always by the user himself rewrit- 
ing it. 

[0199J In such a case, the distribution management 
server 1 6A cannot carry out the charging process even 
if a program is stored in the free basic block 40- F1 
[0200] The free basic biock 40-F1 can be changed so 
that it can be handled the same way as the basic blocks 
40-1 to 40-7 as desired by the user Specifically, before 
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the chargs. seven basic blocks 40-1 to 40-7 and one 
free basic block 40-F1 can be used as eight basic blocks 
40- 1 to 4C-3. 

[0201] In such a case, the information to the effect that 
the free basic block 4Q-F1 has been changed to the ba- 5 
sic block 40-8 is written by the distribution management 
server 16A in the system area 12A {Rg. 4) of the (JIM 
12 Also, the area in the real distribution information stor- 
age unit 54 that has hitherto been handled as an area 
corresponding to trie free basic block 40-F1 can be nan- '0 
died by the distribution management server 16A as an 
area corresponding to the basic block 40-8. and using 
this area, the same management as that of the basic 
blocks 4C-1 to 4C-7 ;s started. 

[0202} The basic biock that has been changed io trio '5 
basic block 40-8 by the user in this way can bo restored 
to the free basic biock 40-F1 again. The basic blocks 
40-1 to 40-7 cannot oe changed to free basic blocks. 

[2.2] Configuration of distribution management server so 

[0203] A configuration of the distribution management 
server is shown fn Fig. 23. 

[0204] The distribution management server 16A is 
roughly configured of a transmission control unit 61 . the j?s 
user information storage unit 51 described above, the 
program information storage unit 52 described above 
and a secure communication control unit 62 
[0205} The transmission control unit 61 controls the 
transmission between the externa! contents servers so 
19-1 to 19-6 orbetween the mobile terminate 11 (includ- 
ing the transmission between the contents servers 1 9-1 
to 19-6 and the mobile terminals 11). The transmission 
control unit 61 also controls the transmission between 
the user information storage unit 51 . the program infor- as 
mation storage unit 52 and the secure communication 
control unit 63 to each other. Further, the transmission 
control unit61 controls the distribution management unit 
50. the user information storage unit 51. the program 
information storage unit 52 and the secure communica- 40 
tion control unit 63 on the one hand, and requests the 
execution of various processes in the oistnbution man- 
agement unit 50, the user information storage unit 51, 
the program information storage unit 52 and the secure 
communication control unit 63 on the other hand. 4S 
[0206] The program information storage unit 52 sub- 
stantially functions as a portal site for the program per- 
mitted to be distributed to the basic blocks 40-1 to 40-7 
of the U!M 12. 

[0207] The secure communication control unit 63 au- so 
thentlcates the information (an encrypted program, etc.) 
sent from the contents servers 19-1 to 19 6, holds the 
public key paired wish tne private key held by each UiM, 
and manages the issue of the public keys for the con- 
tents servers 19-1 to 13-6. 55 



[2.3] Operation of second embodiment 

[2.3.1] Registration in user information storage unit 

[0208] In the example shown in Fig. 21 , the contents 
servers 19-1 to 19-6 are under the control of the distri- 
bution management server 16A. The user desirous of 
using a program (applet) stored in any of the contents 
servers is required to register the particular program in 
the user information storage unit 51 of the distribution 
management server 16A. The registration process will 
be explained below with reference to Fig 24. 
[0209] First, the user sends a request for a menu jis! 
of the programs thatcan be registered, io the distribution 
management server 16Atrom the mobile terminal i -. 
T his request is sent to the program information storage 
unit 52 through the transmission control unit 61 of the 
distribution management server 16A (step S131). 
[0210] The program information storage unit 52 that 
has received the request prepares a menu list of aii the 
programs that can be registered or specifically, aii the 
programs of which the program proper or the URL is 
stored in the program information storage unit 52, and 
transmits the menu list through the transmission control 
unit 61 to the mobile terminal 11 (step S 132). 
{0211] This menu list is received by the mobile termi- 
nal 11 and displayed on the display section 21 . Under 
this condition, the user can acquire, by operating the op- 
erating section 22 ; a comment on the desired program 
from the distribution management server 16A and dis- 
play it on the display section 21 . 
[0212] Once the program of which distribution is re- 
quested is determined by the user operating the oper- 
ating section 22, the mobile terminal 11 transmits a reg- 
istration request containing the information specify^ 
the particular program to the program information stor- 
age unit 52 of the distribution management server 1 6A 
(stepS 133). 

[0213] The program information storage unit 52, 
based on the program registration request, registers the 
program requested by the user in the user information 
storage unit 51 (step S134). 

[0214] The operation in step SI 34 will be described 
in detail. First, assume that the registration request is 
issued from the mobile unit 11 in which the UIM 12 of a 
given user k is built or mounted In this case, the pro- 
gram information storage unit 52, based on the regis*? a- 
tson request, identifies theprcgram requested by the us- 
er, and determines the pointer data for specifying tne 
interna! area of the program information storage unit 52 
in which the URL information indicating the location of 
the program or the program proper thereof is stored 
Once the pointer data of the program requested by the 
user is obtained in this way. the program information 
storage unit 52 accesses the contents stored in each 
area of the real distribution information storage unit 54 
of the individual user information storage unit 53-k cor- 
responding to the user k, and thus determines the bas:c 
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block 4C-X (1SXS ?} available for storage among the 
basic blocks of the U;M 12 of the user k. The pointer 
data of the program requested by the user is registered 
in the area of the real distribution information storage 
unit 54 corresponding to the basic block 40-X (step 5 
St34). it may be that the UIM 12 of the user k has no 12.3.1 .11 Registra 
basic block 40-X (1 S X £ 7) available for storage. In server holding th 
such a case, the program information storage unit 52 
registers the pointer data in the virtual distribution infor- 
mation storage unit 55 designated by the user or set au- 
tomatically. 

[0215] In step S141 , the menu iist may not have any 
desired program. In such a case, the user can request 
the program information storage unit 54, by operating 
the mobile terminal -■• » > the desired contents 

server In this caru;. the program m'o-nv.'.ion storage unit 
54, in compliance with the user request, acquires the 
program or the URL thereof from the contents server 
desired by the user, and holds it in the unoccupied area 
in the program information storage unit 54. in the proc- &> 
ess, the pointer data indicating the location of the ac- 
quired program or Xr-.e URL thereof is registered in the 
real distribution information storage unit 54 in the same 
manner as the procedure mentioned above. 
[021 6J Upon ccmpiete registration of the program re- 25 
quested by the user in this way. the distribution manage- 
ment server 1 6A stats the charge process for the user 
or the contents provder that has distributed the partic- 
ular program. 

[021 7J Then, the user information storage unit 61 30 
sends a registration notice to the mobile terminal 11 
through the transmission control unit 61 {step S135). 
[0218] The mobile terminal 1 1 , upon receipt of the reg- 
istration notice, sends a registration acknowledgment to 
the distribution management server 16A (step S136). 35 
[02191 The user information storage unit 51 , upon re- 
ceipt of the registration acknowledgment through the 
transmission control unit 61 from the mobile terminal 11 
having the UIM 12 of the user k built therein or connect- 
ed therewith, determines the contents provider 19 stor- *o 
ing the program of which the pointer data has been reg- 
istered for the user k, and sends an activation permis- 
sion request to the contents server 1 9 (step S137) 
[0220J The contents server 1 9 that has received the 
activation permission request, in order to approve a pro- 49 
gram utilization contract, sends the activation permis- 
sion to the usee information storage unit 51 (step S138) 
As a result the user information storage unit 51 consid- 
ers that the use is permitted of the pointer data stored 
in that area of the real distribution information storage 
unit 54 of the individual user information storage area 
53-k for the usor k which corresponds to the basic block 
40-X. 

[0221] The user information storage unit 51 sends a 
registration completion notice indicating that the regis- 
tration in the mobile terminal 11 is completed (step 
S139). This regis; ratio" comp'et-o^ notice contars a 
registration list providing a list of the programs with the 



pointer data thereof registered in the user information 
storage unit 51. 

[02223 The user can confirm the registration list from 
the display section 21 of the mobile terminal 11 



ion of UIM in basic block (the contents 
! program) 



[0223) The user k who has received the registrator 
list can request the program for which he has requested 
registration, to be distributed and written in the UIM "2 
With reference to Fig. 25, this operation wiil be ex- 
plained, 

[0224] The user k performs the operation for selecting 
a program of which distribution is desired trom the reg- 
istration list. Then, s distribution request containing the 
pointer in the registration list, indicating the position 
number in the registration list where the particular pro- 
gram is located, is sent to the user information storage 
unit 51 of the distribution management server 16Afr©m 
the distribution terminal 11 (step S141). 
[0225] The user information storage unit 51 . upon re- 
ceipt of a distribution request from the mobile terminal 
11 of the user k, reads the pointer data specifying the 
place of storing the program proper or the URL of the 
program requiring distribution, from that area of the real 
distribution information storage unit 54 of the individual 
user information storage unit 53-k which corresponds to 
the pointer in the registration list contained in the partic- 
ular distribution request. The distribution request con- 
taining the pointer data is sent to the program informa- 
tion storage unit 52 (step Si 42). 
[02261 The program information storage unit 52 ac- 
cesses the area specified by the pointer data in the par- 
ticuiar distribution request, in the case where the URL 
of the program is stored in the area, the program distri- 
bution is requested from the contents server 19 using 
the URL (step SI 43). 

[0227] The contents server 19, upon receipt of tins 
distribution request, requests the authentication server 
18 to issue a public key for the distribution management 
server <slepS144). 

[0228] In the casewhere the contents server 18 is per- 
mitted to wnte in the UiM 12. the authentication server 
1 8 issues the public key to r the distrib ution m anageme nt 
server to the contents server 1 9 (step S145}. 
[0229] The contents server 1 9 encrypts the program 
using the public key for the distribution management 
server, and distributes it as a program with a certificate. 
$o to the secure communication control unit 62 of the dis- 
tribution management server "6A (step S145). 
[0230] The secure communication control unit 62 has 
stored therein a distribution management server private 
key paired with the distribution management server pub- 
55 lie key, and using this private key, decrypts the program 
with a certificate. In the case where this decryption is 
successful, a program written in a common text is ob- 
tained. 
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[0231] Tne secure communication control unit 6? ac- 
quires the UIM public key corresponding to the destina- 
tion UIM 12 from -he authentication server (refer to trie 
firsf embodiment;, and encrypting the program by the 
UIM public key; sends it to the UIM 12. In the UIM 12. 
the program is decrypted using the UIM private key 
paired with the UIM public key. Once the decryption is 
successful, a progr'am in a common text is obtained. The 
U Ifvl 1 2 writes this program in the basic block 40-X (step 
S147). The UIM 12 determines the basse block 40-X by 
the same algorithm as used by the program information 
storage unit 52 in the distribution management server 
16A. in step S147, therefore, the same basic block 40-X 
is obtained as determined in step S134 o! Fig. 24. Alter- 
natively, the registration completion notice transmitted 
from the distribution management server 1 6A in step 
S 139 of Fig. 24 may contain the information specifying 
the unoccupied basic block 40-X determined in step 
S1 34, and In step Si A? of Fig. 25, the program is stored 
in the basic block 40-X specified by the particular infor- 
mation. 

[0232] The UIM 12. at the end of the program write 
operation, transmits a write end notice to the secure 
communication control unit 62 of the distribution man- 
agement server 16 ;step S148). This write end notice 
contains the information for specifying the basic block 
40-X in which the program is written. 
[0233] When the secure communication control unit 
62 of the distribution management server 16 receives 
the write end notice, the user information storage unit 
51 sends an activation request to the contents server 
1 9 in order to request the permission for execution of 
the program written in the UIM 12 (step S149). 
[0234] The contents server 1 9 that has received this 
activation request sends an activation permission to the 
user Information storage unit 51 (step S15Q). 
[0235] The user information storage unit 51 that has 
received the activation permission sends an activation 
instruction to the Um 12 (step Si 51). 
[0236] In the UiM 12, upon receipt of the activation 
instruction, the activation fiag corresponding to the basic 
block 40-X in which the program is written turns from '0" 
to after wh^h the execution of the program in the 
particular basic block becomes possible. 
[0237] The UIM 12. at the end of the program activa- 
tion, transmits an activation acknowledgment notice in- 
dicating I he end of the program activation lo the user 
information storage unit 51 of the distribution manage- 
ment server 1 6A. together with the information specify- 
ing the program (for example, the information specifying 
the basic block 40-X) (step S152). 
{0238} The user information storage unit 51, upon re- 
ceipt of the actlvatson acknowledgment notice from the 
UIM 12 of the user k, determines an area of the real dis- 
tribution information storage unit 54 of the individual us- 
er information storage unit 53- k corresponding to the ba- 
sic block 40-X. In this area, the pointer data correspond- 
ing to the program written in the basic block 40-X is al- 



ready written in the UIM 12 of the user k. In this area, 
the information to the effect that the activation is com- 
plete is written in such a form that a given pointer coex- 
ists. As the result of this operation the distribution man- 
5 agement server 1 SA can grasp whether the activation 
has been performed for the basic blocks 40-1 to 40-7 of 
all the UiMs 12 by accessing each area of the user in- 
formation storage unit 51 . 

[0239] The user information storage unit 51, at ire 
10 end of the operation for writing the information to the 
effect that the activation is complete notifies the mobile 
terminal 11 that the registration is complete as a pro- 
gram list, and subsequently, nctities that the program 
can be executed, while at the same time ending the 
'5 process (step S 153). 

[0240] The distribution management server 1 6A noti- 
fies the contents server 1 9 that the activation of the pro- 
gram is completed (step S154) 

30 £.3.1 .2] Registration of in UIM basic block (in the case 
where the distribution management server holds the 
program proper) 

[0241] In the example of operation shown in Fig. 25, 
the program proper, of which the distribution is desires 
by the user, is not stored in the distribution management 
server 1 6A but in the contents server 1 9. In the operation 
exampleshown in Fig. 26, in contrast, the program prop- 
er of which the distribution is desired by the user is 
30 stored in the distribution management server 1 6A. The 
operation example shown in Fig. 26 will be explained 
below. 

[0242] The user accesses the registration list re- 
ceived from the distribution management server 16A. 

35 and performs the operation for selecting the desired pro- 
gram. A distribution request containing the pointer in the 
registration fist corresponding to the particular program 
is sent from the mobile terminal 11 to the user Informa- 
tion storage unit 51 of the distribution management serv- 

40 er16A(stepS161). 

[0243] The user information storage unit 51 , upon re- 
ceipt of the distribution request from the mobile terminal 
11 of the user k, reads the pointer data for specifying the 
place of storage of the URL of the program or ;he pro- 

45 gram proper of which the distribution is requested from 
that area of the reai distribution information storage unit 
54 of the individual user information storage unit 53-k 
which corresponds to the pointer in the registration list 
contained in the distribution request. The distribution re- 

30 quest containing this pointer data is sent to the program 
information storage unit 52 (step 8162), 
[0244] The program information storage unit 52 ac- 
cesses the area designated by the pointer data m the 
distribution request. In the case where the program 

55 proper is stored in the particular area, the secure com- 
munication control unit 62 requests the authentication 
server 18 to issue a certificate, i.e. sends a request tor 
the UIM public key required for encrypting the program 
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proper and sending X to the UiM 1 2 of the user k (step 

3163). 

[024SJ in the case where the program corresponding 
to the cistribution request is a program permitted to write 
•n the UIM 12. the authentication server 18 sends the 
UIM public key to the secure communication control unit 
62 (stepS 164). 

[0246] The secure communication control unit 62 re- 
ceives this UIM public key, and upon determination that 
the key is legitimate, encrypts the program to be distrib- 
uted, using the UIM public key, and thus generates a 
program with certificate. 

[0247] When the s;ser performs the operation at the 
mobile terminal 11 to permits the program distribution, 
the secure communication control unit 62 of the distri- 
bution management server 16A sends a program with 
certificate to the UIM 12 of the mobile terminal 11 {step 
SI 65). 

[0248] The UIM 12 has stored therein a UIM private 
Key paired with the UIM public key, and using this UIM 
private key, decrypts the program. The same program 
is written in the basic block 40-X. 
[0249] T he subsequent operation is similar to the cor - 
responding operation shown in Pig. 25. in Fig. 26, stops 
Si 66 to S171 correspond to steps S14S to SI 53 in Fig. 
25. 

12 3.1 .3] Registration in UIM basic block (in the case 
where the distribution management server holds the 
program proper, and the secure communication control 
unit holds the UIM public key) 

[0250] It may happen that when the mobile terminal 
11 sands a distribution request to the distribution man- 
agement server 1 6A, the secure communication control 
unit 82 of the distribution management server 16A holds 
the UIM public key of the UIM 12 to which the program 
is to be distributed Such a phenomenon may occur, for 
example, in the cas-3 where programs are distributed to 
the same UIM 12 within a short time. Fig. 27 shows an 
example of the operation performed in such a case. In 
this operation example, when a program proper corre- 
sponding to the distribution request is found, the pro- 
gram is encrypted using the UIM public key held in the 
secure communication control unit 62 and written in the 
UIM 12. The opera-Ion shown in Fig 27 is similar to the 
operation shown in Fig. 26, except that the operation 
corresponding to steps 51 63 and S1 64 for acquiring the 
UIM public key from the authentication server 1 8 is lack- 
ing. Steps S181, S182, S183toS189 in Fig. 27 corre- 
spond to steps SI 61 Si 62, S165 to S171 , respectively, 
in Fig. 26. 

[2.3.1.4] Registration in UIM free basic block 

(0251] The user, sy operating the mobile terminal 11 , 
can register a program in the free basic biock 40-F1 of 
the UiM 12. This operation is shown in Fig. 28 



[0252] In the case where a program is registered in 
the free basic block 40-F1 of the UiM 12. the user oper- 
ates the mobile terminal 1 1 so that the desired contents 
server 1 9X is accessed and a request for distributing the 

s desired program is sen* to It (step S1 91 ). 

[0253] The contents server 1 9X that has received mis- 
distribution request distributes the requested program 
to the secure communication control unit 62 of the dis- 
tribution management server 16A (step S1 92). 

w [0254] The user performs the operation to permit She 
distribution to the free basic block 40-F1 , and the infor- 
mation indicating the particular operation is sent from 
the mobile terminal 11 to the distribution management 
server 16A. Then, the secure communication control 

is unit 62 distributes the program to the UIM 12 of the mo- 
bile terminal 1 1 (step $1 93). This program may be sent 
in encrypted form or without encryption. The UiM 12 
writes this program in the free basic bloc* 4Q-F1 
[0255] The UIM 12, at the end of the program write 

so operation, transmits a write end notice to the distribution 
management server 16 (step S184). 
[0256] The user information storage unit 51 of the dis- 
tribution management server 16 receives the write end 
notice from the UiM 12 of the user k. and updates the 

25 information including the number of distribution ses- 
sions stored in the area of the user Individual information 
storage unit 53-k corresponding to the free basic biock 
40- F1 (stepS 195). 

[0257] Once this update operation is completed , the 

M user information storage unit 51 sends to the UiM 12 an 
activation instruction for the program written in the free 
basic block 40-F1 (step S1 96). 
[0258] The UIM 12, in compliance with this instruction, 
completes the program activation, and transmits to the 

35 user information storage unit 51 of the distribution man- 
agement server 16 an activation response notice indi- 
cating that the activation of the program in the free basic 
block 40-F1 is completed (step S1 97) 
[0259] The user information storage unit 51 , upon re- 

■>o ce;pt of the activation response notice from the UIM 2 
of the user k, registers the information that the activation 
is complete, in the area of Ihe individual user information 
storage unit 53-k corresponding to the free basic biock 
40-F1 , The user information storage unit 51 notifies, in 

45 the form of program iist the mobile terminal 1 1 that tne 
registration is complete, thereby terminating the proc- 
ess (step S1 98). 

[2.3.1.5] Program deletion from user information 
so storage unit 

[0260] Now. the process for deleting the program reg- 
istered in the user information storage unit 51 will be 
explained with reference to Fig. 29. 
55 [0261] The user, by performing a predetermined op- 
eration, can display the registration program iist re- 
ceived from the distribution management server 1 6 A on 
the display unit 21 . Under this condition, the user spec- 
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jfies the desired program and instructs to delete the pro- 
gram in the distribution management server 16A. A pro- 
gram registration delete request containing the informa- 
tion ^or specifying wnaf is to be deleted is sent to the 
user information storage unit 51 of the distribution man- 5 
agsment server ISA (step S2Q1). 
[0262] in the case where the program to be deleted is 
already deleted from any one of the basic blocks 40-1 
to 40-7 o? the UIM 12, the user information storage unit 
5i sends a cancel request indicating the desire of the « 
user to cancel the utilisation of the program, to the con- 
tents server 1 S from which the particular program is dis- 
tributed (step S2C2; In the case where a program to be 
deleted remains undeleted in any one cf the basic 
blocks 40-1 to 40-7 of the UiM 12, on the other hand. '5 
ths process for deletion of the program from the basic 
blocks 40-1 to 40-7. described later, is cameo out at the 
same time under -he guidance of the distribution man- 
agement server ISA. 

[02S3] The contents server 19, upon receipt of the so 
cancel request, sends a cancel permission notice to the 
user information storage unit 51 of the distribution man- 
agement server ISA {step S203). 
[0264] The user information storage unit 51 : upon re- 
ceipt of the cancel parmission notice, deletes the infer- 25 
mation on the program of which the deletion is request- 
ed in step S201 , and sends the registered program list 
after deletion to the mobile terminal 1i (step S204). 

•2 3,16) Program delation from UIM basic block 30 

[0265] Now. the process for deleting a program from 
the basic blocks 40-1 to 40-7 of the UIM 12 will be ex- 
plained with reference to Fig. 30. 

[0266] The user, by performing a predetermined op- 35 
eration, can display on the display unit 21 the registered 
program list transmitted already to the mobile terminal 
11. Under this condition, assume that the userspecifies 
the desired program and gives an instruction to delete 
it. One of the base blocks 40-1 to 40-7 of the UfM 12 40 
where the program to be deleted is stored is determined, 
and a deletion request containing the information spec- 
ifying the particular basic block is transmitted from the 
mobile terminal 11 to the use' information storage unit 
51 of the distribution management server 16A (step 45 
S211). 

[0267] The user information storage unit 51 . upon re- 
ceipt of the deletion request, sends a deletion permis- 
sion notice to the U;M 12 (step 3212) 
[0268J The UIM 12, upon receipt of the deletion per- 
mission notice, deletes the program specified by the us- 
er in stop S21 1 frcm the basic block, and sonds a dele- 
tion end notice tc the user information storage unit 51 
(step S213), 

[0269J As a resets, the user information storage unit 
51 deietes the infor-nat on on the corresponding pro- 
gram under the control of the transmission control unit 
61 , and gives a deisiion notice to the contents server 1 9 



(stepS214). 

[0270] Also, the user information storage unit 51 no- 
tifies the mobile terminal 11 that the deletion is complete 
in theformo! a program list, thereby ending the process. 

[2.3.1 .6.1] The case in which the program deletion frcm 
basic block is carried out at the same time under the 
guidance of distribution management server. 

(0271] As described above, if the process for deleting 
a program from the basic blocks 40-1 to 40-7 is earned 
out at the same time as the deletion of the program from 
the user information storage unit 5 under the guidance 
of the distribution management server the user infor- 
mation storage unit 51 of the distribution management 
server sends a deletion instruction to the UIM by spec- 
ifying the program of which deletion is requested , in 
place of the process of steps S21 1 and S21 2 described 
above. 

[2.3.1 .7} The case in which use of user information 
storage unit is prohibited. 

(0272] According to this embodiment, a deactivation 
process for the user information storage unit can be ex- 
ecuted for preventing the user from using the user infor- 
mation storage unit 51 . This deactivation process .for the 
us-er information storage unit is earned out. for example, 
in the case where the distribution management server 
1 6A stops the service temporarily, or the service of the 
distribution management server 16A to the user is tem- 
porarily suspended at the request of the contents pro- 
vider holding the contents server 19. Once this deacti- 
vation process for the user information storage unit is 
carried out, the distribution of the programs registered 
in the user information storage unit 51 to the JIM 12 is 
prohibited and so is the deletion of the programs regis- 
tered in the UIM 12. 

[0273] Now, with reference to Fig. 31 , the deactivation 
process for the user information storage unit will be ex- 
plained. The following description concerns the case in 
which the contents server 19 requests the deactivation 
process for the user information storage unit. 
[0274] First, the contents server 19 sends a user in- 
formation storage unit deactivation request to the user 
information storage unit 51 of the distribution manage- 
ment server 16A (step S221 j 

[0275] The user information storage unit 51 , upon re- 
ceipt of the user information storage unit deactivation 
request, is prohibited from use (deactivated state), and 
sends a user information storage unit deactivation per- 
mission notice to the contents server 19 (step S222}. 
[0276] Then, -he user information storage unit 51 
sends to the mobile terminal 11 a user information stor- 
age unit deactivation notice to the effect that the uss of 
the userin'om-a: enskvage unit 52 has been ony toiled 
(step S223). 

£0277] As a result, the user of the mobile terminal 11 
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can confirm that t he use of the user information storage 
unit 51 has been prohibited. 

(2.3.1.7.11 The case in which the user information 
storage unit is deactivated by distribution management 
server 

[0278] in the case where the user information storage 
unit is deactivated by the distribution management serv- 
er 16A by itseif, the user information storage unit 51 is 
prohibited from use i< activate? whjss as a User in- 
formation storage unit deactivation notice to the mobile 
terminal 11 indicating that, the use of the user information 
storage unit 51 is prohibited (step S223). 

[2 3 1 81 The case in which the use of the program 
stores in UIM basic block is prohibited 

[0279] Now ; the process for deactivation of basic 
block for prohibiting the use of a program stored in the 
basic blocks 40-1 to 40-7 or the free basic block 40-F1 
of the UIM 12 will ba -sxpiained with reference to Fig. 32. 
[0280] This process is carried out in the case where 
the mobile terminal it is stolen or the extern?, provider 
requests the user to prohibit the use thereof. Once this 
process is carried out, the user is prohibited from using 
the programs stored in the basic blocks (including the 
free basic block) involved. The description that follows 
deals with the case in which the user service server 65 
in charge of user services, taking an appropriate meas- 
ure such as when the mobile terminal 11 is stolen, re- 
quests the process for deactivating tne basic blocks 
based on the report from the user. 
[0281 ] Fig. 32 snows a sequence of the deactivation 
process for the basic blocks. 

[0282] First, the user service server 65 sends a basic 
block deactivation request to the user information stor- 
age unit 51 of the distribution management server 16A 

(stepS23i). 

[02831 The user information storage unit 51 , upon re- 
ceipt of the basic i^ock deactivation request, sends a 
deactivation instruction to the UIM 12 (step S232) 
[0284] As a res^U, the UIM 12 deactivates the basic 
blocks meeting the basic block deactivation request, 
and gives a basic block deactivation response indicating 
that the use of the basic blocks has been prohibited 
(step S233) 

[0285] Then, the user information storage unit 51 
gives a basic block deactivation end notice to the user 
service server 65 indicating that the use of the basic 
blocks of the UIM IS has been prohibited (step S234). 
[0286] Further, the user information storage unit 51 
gives a user information storage unit list to the mobile 
terminal 11 Indicating that the use of the basic blocks 
(which may include- the free basic block) is prohibited, 
thereby ending the process (step S235). 



2.4] Eff< 



d embodiment 



[02873 As described above according to the second 
embodiment, programs can be distributed beyond the 
s limit of the number of the storage areas of the storage 
module (UIM), and the operating convenience on the 
part of the user is improved. 

[0288] Also, the distribution management server can 
easily manage the activation/deactivation of the pro- 
10 gram distributed, and the distribution and the activation/ 
deactivation of the program ready for distribution. 

[3] Modifications of embodiments 

is (3.1 1 First modification 

[0289] The foregoing description deals with the case 
in which a single distribution management server is in- 
volved. Nevertheless, a plurality of distribution manage- 
so merit servers can be provided! or distributedprocessing. 
[0290] in such a case, the programs stored in each 
UIM and the information on the storage area of each 
program can be stored in a common database. 

as [3.2] Second modification 

[0291] Apart from the foregoing description, dealing 
with the case in which the distribution management 
server is connected directly to a line switching network, 
30 the distribution management server can be connected 
to the line switching network through an internet making 
up a packet switching network and an internet gateway. 

[3.3] Third modification 

35 

[0292] Although only the UIM is described above as 
a storage module, tne invention is a:so applicable to var- 
ious IC card memories with equal effect. In this case, 
the storage module can be arranged at a fixed terminal 
40 as well as at a mobile terminal. 



45 1. A program distribution system comprising. 

al least a mobile terminal having means 'or 
transmitting a program distribution request; 
a storage n-.oduie built in or connected to said 
so mobile terminal; 

a contents server for receiving said distribution 
request and transmitting a program to be dis- 
tributed; and 

a distribJtion management sever for receiving 
55 said program from said contents server, and 

only in a case where said contents server is an 
authorized contents server, transmitting said 
program received from said contents server to 
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said storage module buiH in or connected to 
said mob: 8 tertira 

characterized in that said storage module in- 
cludes 5 

a storage unit, and 

a contrci unit for storing In said storage unit said 
program received from said distribution man- 
agement server through said mobile terminal w 
and, in compliance with a request, executing 
said program stored in said storage unit. 

2 A program cslstnbution system as set forth in claim 
1 further comprising an authentication server lor '5 
storing a firs: encryption key unique to said storage 
module, 

characterised in that said control unit of said 
storage module decrypts said program encrypted 
by said first encryption key and, only in a case 20 
where decryption is successful, said program ob- 
tained by decryption is stored in said storage unit. 

said contents server, upon receipt of said dis- 
tribution request, acquires said first encryption key 
from said authentication server and, using said first as 
encryption key, encrypts said program to be distrib- 
uted, said contents server further encrypting said 
program using a second encryption key obtained in 
advance and transmitting if to said distribution man- 
agement server, and 30 

said distribution management server decrypts 
said encrypted program received from said con- 
tents server, using said second encryption key, gen- 
erates a program encrypted only by said first en- 
cryption key and. only in a case where said decryp- 35 
fion is successful transmits said program obtained 
by said decryption to storage module. 

3. A program distribution system as set forth in claim 

1, characterized in that said storage module 40 
stores a program and data used by said program. 

4. A program distribution system as set forth in claim 
' . characterized in that saic distribution manage- 
ment server incisure a charge processing unit for 4S 
starling a charge process at a time of distributing 

a? program to sa:d storage module. 

5. A program distribution system as set forth in claim 

4, characterised in that said charge processing so 
unit charges for rental of said storage module. 

6. A program distribution system as set forth in claim 
1 characterized in that said distribution manage- 
ment server includes a charge processing unit for 55 
starting said charge process at a time of holding a 
program for said storage module. 



7. A program distribution system as sei forth in claim 
6, characterized in that said charge processing 
unit charges for rental of said storage moduie 

8. A program distribution system as set forth in claim 
1 , characterized in that said distribution manage- 
ment server transmits an activation instruction to 
said storage module at the request of another de- 
vice, and 

said storage module, upon receipt of said ac- 
tivation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction. 

9. A program distribution system as set forth in claim 
1 : characterized in that said distribution manage- 
ment server transmits a deactivation instruction to 
said storage module at a request of another device, 
and 

udiC stcayo mcduv. upon receipt of sard c--> 
activation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction. 

10. A program distribution system as set forth in claim 
1 , characterized in that said distribution manage- 
ment server transmits a deletion instruction to said 
storage moduie at said request of another device, 
and 

said storage module, upon receipt of said de- 
letion instruction, deletes the program designated 
by said deletion instruction from said storage mod- 
ule. 

11. A program distribution system as set forth in claim 
1 , characterized in that said distribution manage- 
ment server includes means for managing a state 
of said program in said storage module based on 
information sent to said storage module. 

12. A program distribution system as set forth in cia>m 
1 , characterized in that said distribution manage- 
ment server acquires version information for said 
storage moduie and determines whether said pro- 
gram is to be distributed or not, based on said ver- 
sion information. 

13. A program distribution system as set forth in claim 
1, characterized in that said mobile terminal in- 
cludes a first communication unit fo- communica- 
tion utilizing a mobile communication network, end 
a second communication unit different from sad 
first communication unit, and 

said control unit of said storage module In- 
cludes means for communication utilizing said sec- 
ond communication unit in accordance with sa d 
program stored in said storage module. 
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14. A program distribution system corporsi^-:; 

a mosile terminal having means for transmitting 
a program distribution request: 
a storage module built in or connected to said 
mobile terminal : and 

a communication management server for re- 
ceiving saic distribution request, and in a case 
where a program to be distributes is provided 
by an "authorized contents server acquiring 
said program and transmitting it to said storage 
module buiii in or connected to said mobile ter- 
minal; characterized in that said storage mod- 
ule includes, 
a storage unit, and 

a control ur.-X for receiving interna- c " tmcugf-. 
saio mobile terminal, storing in said storage unit 
said information only in a case wr^ere sas'd in- 
formation is a program received from said dis- 
tribution management server, and executing 
said program stored in said storage unit, in 
compliance with a request. 

15. A program distribution system as set forth in claim 

1 4. characterized in that said distribution manage- 
ment server includes a real distribution information 
storage unit for storing pointer data for specifying a 
program sent to said storage module 

16. A program distribution system as set forth in claim 

15. characterized in that said storage unit of said 
storage module includes a plurality of basic blocks 
for storing programs, and said real distribution in- 
formation storage unit of said distribution manage- 
ment server includes a plurality of areas corre- 
sponding to a piurality of said basic fciocks. 



17. A program distribution system as set forth in claim 
16. characterised in that said distribution manage- 
ment server includes a virtual distribution informs- 40 
tion storage unit for storing sad pointer data tor 
specifying a program capable of being distributed 
to said storage module but not currently stored in 
said storage module, and upon receipt of request 
of distribution, to said storage moduie of a program 
specified by said pointer data stored in said virtual 
distribution information storage unit, said program 
is distributed to said storage module and, said point- 
er data for specifying said program is moved from 
said virtual information distribution storage unit to so 
saio reai distribution information storage unit 

18. A program distribution system as set forth in claim 
16. characterized in that said distribution manage- 
ment server includes a program information storage 55 
unit for storing selected one of address information 
indicating a location of a program capable of being 
acquired from said contents serve- and a program 



acquired from said contents server and, upon re- 
ceipt of a request for distribution, to said storage 
module, of a program specified by said pointer data 
stored in selected one of said real distribution infor- 
> mation storage unit and said virtual storage infor- 
mation storage unit, saio program is acquired uting 
said program information storage unit and is distrib- 
uted to said storage module. 

o 19. A program distribution system as set forth in da m 
17, characterized in that said mobile tormina: in- 
cludes means for transmitting a menu list request, 
and 

said distribution management server, in ccm- 
is pliance with said menu list request, accesses sa-d 
cointer data stored in said real distribution informa- 
tion storage unit and said virtual distribution infor- 
mation storage unit for said storage module buiit in 
or connected to said mobile terminal, generates a 
to list of programs specified by said pointer data, and 
transmitting said list to said mobile terminal. 

20. A program attribution system as set forth in claim 
14, characterized in that 

,?5 said mobile terminal includes a first commu- 

nication unit for communication utilizing & mobile 
communication network, and a second communica- 
tion unit different from saidfirst communication unit; 
and 

30 said control unit of said storage moduie in- 

cludes means for communication utilizing .sate sec- 
ond communication unit in accordance with a pro- 
gram stored in said storage moduie. 

3$ 21. A distribution management server characterized 
by comprising: 

means for receiving from a contents server a 
program encrypted by a first encryption key- 
unique to a destination of distribution and a sec- 
ond encryption key unique to said contents 
server permitted to distribute said program; and 
means for decrypting said program received 
from said contents server to a state encrypted 
by said second encryption key thereby to gen- 
erate a program encrypted by only said first en- 
cryption key. said program being distributed lo 
said storage module built in or connected to a 
mobile terminal 

22. A distribution management server characterized 
by comprising: 

a program information storage unit for storing 
selected one of a program acquired in advance 
from an authorized contents server anc ad- 
dress information thereof; 
a reai distribution information storage unit for 
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storing pointer data indicating a stored position, 
in said program information storage unit, of a 
program which is said program stored in a stor- 
age module buiit in or connected to a mobile 
terminal, or in a case where address informa- 5 
tion of said program is stored in said program 
:nformat ; or itc-i^o ;.r:;. a seiecte •:, cne of saici 
program and said address information thereof: 
a virtual distribution information storage unit for 
scoring pointer data indicating said stored posi- >o 
tion of a program in said program information 
storage unit, in a case where a program which 
is said program distributable to said storage 
module but not currently stored in said storage 
module, or address information thereof is *5 
stored in said program information storage unit: 26. 
and 

means for acquiring a program specified by 
said pointer data stored in said, virtual distribu- 
tion information storage unit, utilizing said pro- so 
gram information storage unit in accordance 
with a request from said mobile terminal, and 
distributing said program to said storage mod- 
ule, and moving said pointer data to said real 
distribution information storage unit., as 



terized in that said storage unit includes a plurality 
of storage blocks for executing a program, and a 
storage area for storing an activation flag indicating 
whether a program stored in each storage block can 
be executed or not. and 

said control unit writes said activation flag m 
accordance with an instruction received from a dis- 
tribution rnanagemen! server through said mobile 
terminal, and in a case where an instruction is given 
to execute a program stored in any one of basic 
blocks through said mobile terminal, said control 
unit determines whether said execution instruction 
is to be followed or not based on an activation flag 
corresponding to one of said basic blocks. 

A program distribution method characterized £>y 
comprising: 

a step of a mobile terminal Iransmitting a pro- 
gram distribution request to a contents server, 
said storage module being buiit in or connected 
to said mobile terminal; 
a step of said contents server receiving said 
distribution request and transmitting a program 
!o be distributed, to a distribution management 
server; and 

a step of transmitting said program to said stor- 
age moduie built in or connected to said mobile 
terminal to which said distribution request is 
transmitted, in a case where said co ntents ssrv- 



23. A contents server comprising: 

means for acquiring an encryption key unique 
to a storage module from an external authenti- 
cation server upon receipt of a program distri- 
bution request from a mobile terminal built in or 
connected to said storage moduie; 
first encryption means for encrypting a program 
to be distributed, by said first encryption key; 
seconc encryption means for encrypting a pro- 
cram obtained by said first encryption means, 
in such a manner as to be decrypted by the dis- 
tribution management server for distribution to 
said storage module; and 
means for transmitting said program encrypted 
by said first and second encryption means to 
said distribution management server. 

24. A storage module built In or connected to a mobile 
terminal, comprising: 

a storage unit; and 

a control unit for receiving an encrypted pro- 
gram from a specific distribution management 
serverthroLigh said mobile terminal decrypting 
said program by a private key stored in ad- 
vance, storing said program in said storage unit 
oniy in a case where said decryption succeeds 
and, in response to a request, executing said 
program stored in said storage urn; 

25. A storage module as set forth in claim 24, charac- 



er transmitting said program is an authorized 
contents server. 

27. A program distribution method comprising: 

35 

a step of a mobile lerminal transmitting a pro- 
gram distribution request to a contents server, 
said storage module being but in or connected 
to said mobile terminal: 

40 a step of said contents server receiving said 

distribution request and acquiring a first en- 
cryption key unique to said storage mocuie 
from an authentication server; 
a step of said contents server encrypting a pro- 

45 gram to be distributed, by said first encryption 

key; 

a step of said contents server encrypting a pro- 
gram encrypted by said first encryption key, by 
a second encryption key acquired in advance, 

50 a step of said contents server transmitting a 

program encrypted by said first encryption key 
and said second encryption key, to a distribu- 
tion management server; 
a step of said distribution management server 

55 decrypting said program transmitted from ss : id 

contents server, to a state before said second 
encryption, and generating a program encrypt- 
ed only by said first encryption key: and 
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a step of ssid distribution management server 
transmitting a program encrypted only by said 
first encryption key. to said storage module built 
in or connected to a mobile terminal to which 
said distribution request is transmitted. 

28. A program distribution method comprising: 

a step of a mobile terminal transmitting a pro- 
gram distribution request to a distribution man- 
agement server, a storage module being built 
in or connected to said mobile terminal; 
a step of said distribution management server 
receiving said distribution request, and deter- 
mining whether a program to be distributed is 
a program provided by an authorized contents 
server or net; and 

acquiring sa:d program and transmitting it to a 
storage module built in or connected to said 
mobile terminal in a case where said program 
to be distributed is provided by an authorized 
contents server. 

29. A program distribution method as set forth in claim 
28, comprising: 

a step of said distribution management server 
storing a program or address information there- 
of in storage means in place of said storage 
module; and 30 
a step of sa d distribution management server, 
upon receipt of a program distribution request 
from said mobile terminal; acquiring a request- 
ed program using said storage means and dis- 
tributing it to said storage module. 35 

30. A program for causing a ccmpuler of a distribution 
management server to execute: 

a process for receiving from said contents serv- -»o 
er a program which has been encrypted by a 
first encryption key unique lo a distribution des- 
tination and a second encryption key unique to 
a contents server authorized to distribute a pro- 
gram; and 45 
a process for decrypting a program received 
from said contents server and thereby restoring 
said program to a state before the encryption 
by said second encryption key, thereby gener- 
ating a prcg-am encrypted only by said first en- so 
cryption key and distributing said program to a 
storage module bui It in or connected to a mobile 
terminal. 

31 . A program for causing a computer of a distribution 55 
management server to execute 

a step ot receiving a program distribution re- 



quest from a mobile terminal with a storage 
module built therein or connected thereto: 
a step of determining whether * program tc be 
distributed is provided by an authorized con- 
tents server; and 

a step of acquiring said program to be distrib- 
uted and transmitting it to a storage module 
built in or connected to said mobile terminal in 
a case where said program is provided by an 
authorized contents server 

32. A program distribution method as set forth in claim 
30. characterized toy comprising: 

a step of storing a program or the address in- 
formation thereof in storage means in place of 
said storage module: and 
a step of acquiring a requested program using 
said storage means and distributing said pro- 
gram to said storage module, upon receipt of a 
program distribution request from said mobile 
terminal. 

33. A program for causing a computer of a contents 
server to execute: 



s for acquiring, upon receipt of a pro- 
gram distribution request from a mobile termi- 
nal with a storage modute buiit therein or con- 
nected thereto, an encryption key unique to 
said storage module frcm an externa! authen- 
tication server; 

the first encryption process for encrypting a 
program to be distributed, by said first encryp- 
tion key: 

the seconc encryption process for encrypting a 
program obtained by said first encryption proc- 
ess, in such a manner as to be decrypted by a 
distribution management server for distributing 
a program to said storage module; and 
the process for transmitting a program encrypt- 
ed by said first and secend encryption process- 
es to said distribution management server. 

34. A program for causing the control unit of a storage 
module buiit in or connected to a mobile terminal to 



a process ior receiving an encn/pted program 
from a specified distribution management serv- 
er through 3 mobile terminal: 
a procass for decrypting the received program 
by a private key stored in advance, and cniy in 
a case wr-ere said decryption is successful, 
storing said program in a storage unit; and 
a process for executing the program stored in 
said storage unit, as required 
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. A program for causing a computer of a distribution 
management server tc execute: 

a process for receiving from a contents server 
authorized lo distribute a program, a program s 
encrypted by a first encryption key unique to a 
distributee and & second encryption key unique 
to said contents server; and 
a process for decrypting said program received 
from said contents server and restoring said 10 
program to a state before said encryption by 
said second encryption key, thereby generating 
a program encrypted oniy by said first encryp- 
tion key, and distributing saio program to a stor- 
age module bunt in or connected to a mobile »5 
terminal. 

. A program for causing a computer of a distribution 
management server to execute: 

20 

a step of receiving a program distribution re- 
quest from a mobile terminal with a storage 
module built therein or connected thereto; 
a step of determining whether a program to be 
distributed is provided by an authorized con- *s 
tents server or not; and 
a step of acquiring and transmitting a program 
to be distributed, to a storage module built in or 
connected to said mobile terminal in the case 
where said orogram is provided by an author- 30 
ized contents server. 



distribution management server for distributing 
a program to said storage module; and 
a process for transmitting to said distribution 
management server said program encrypted 
by said first and said second encryption proc- 



. A program for causing said control unit of a storage 
module built in or connected to a mobile terminal to 



s tor receiving an encrypted program 
from a specified distribution management serv- 
er through said mobile terminal; 
a process for decrypting said received program 
by a private key stored, and storing said pro- 
gram in a storage unit only in a case where said 
decryption is successful; and 
a process for executing said program stored in 
said storage unit, as required. 



37. A program distribution method as set forth in claim 
36, characterised by comprising; ' 

3$ 

a step of stor ing a program or the address in- 
formation thereof in storage means in place of 
said storage module; and 
acquiring, upon receipt of a program distribu- 
tion request from said mobile terminal, the re- -to 
quested program utilizing said storage means 
and distributing said program to said storage 
mcduie. 



38. A program for causing a computer of a contents *? 
server to execute: 



a process for acquiring an encryption key 
unique to a storage module buiit in or connect- 
ed to a mcs-e terminal from an external authen- so 
tication server, upon receipt of a program dis- 
tribution request from said mobile terminal; 
a first encryption process for encrypting a pro- 
gram to be distributed, by said first encryption 
key: 55 
a second encryption key for encrypting said 
program obtained by said first encryption proc- 
ess, in such a manner as to be decrypted by a 
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